> Temporarily running it alongside the replacement was the best you were ever going to get.
I don't believe that that was the best that could be devised. The simple fact is that there are millions of networks using NAT and some better migration path should have been created for them.
> NAT is _NOT_ a security mechanism and does not provide any protection to anything.
NAT may not be intended as a security mechanism, but it does provide some level of protection.
> The vast majority of compromised IoT devices that form botnets today have been compromised via legacy IP.
Did you ever hear of "defense in depth"?
> Aside from the ease of scanning the address space both locally and remotely
Please explain how one would scan the address space behind a NAT router.
> the small address space also makes XSRF attacks much easier
I'll admit to not being a security expert, but the descriptions of XSRF attacks all talk about tricking the user into going to the wrong site. Do IoT devices typically have users that can be tricked in this way?
Most of those IoT attacks rely on the IoT device being addressable from outside the local network. At the very least, finding a device behind a NAT router takes more time and more resources, hence increasing costs for the attacker.
But, fundamentally, NAT is widely used today and no real consideration was given to migration of such networks.
Just labeling them "bad" doesn't actually help with migration.
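To make the mechanism the two sides are arguing about concrete, here is a toy model of a port-restricted NAT's forwarding decision. It is an added example, not code from the thread or from any router: the addresses, ports, the `Nat` class and its `forwards` table are all assumptions. It shows why an unsolicited inbound probe is dropped (no translation entry exists for it), why a reply to an outbound connection gets through, and why a port forward (manual or UPnP-created) reopens the device to exactly the kind of scan the NAT was incidentally blocking. The same drop decision is what a stateful firewall makes without translating anything, which is the usual reason NAT is described as not a security mechanism in itself.

```python
"""Toy model of a port-restricted NAT (NAPT) translation table.

Added example for the thread above, not real router code. It models only
the forwarding decision, enough to show what "incidental" protection NAT
gives and where it stops. All addresses and ports are made up; the public
addresses come from the RFC 5737 documentation ranges.
"""
from dataclasses import dataclass, field
from typing import Optional

PRIVATE_NET = "192.168.1."      # assumed inside network
PUBLIC_ADDR = "203.0.113.7"     # assumed public address of the NAT
CLOUD = "198.51.100.9"          # assumed server the IoT device talks to
ATTACKER = "192.0.2.66"         # assumed remote scanner


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class Nat:
    public_ip: str
    next_port: int = 40000
    # (inside_ip, inside_port, remote_ip, remote_port) -> public port
    outbound: dict = field(default_factory=dict)
    # public port -> (inside_ip, inside_port, remote_ip, remote_port)
    inbound: dict = field(default_factory=dict)
    # public port -> (inside_ip, inside_port): explicit port forwards,
    # what a manual rule or a UPnP request from the device would add
    forwards: dict = field(default_factory=dict)

    def send_out(self, pkt: Packet) -> Packet:
        """Translate an inside->outside packet, creating a mapping if needed."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.outbound.get(key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def receive_in(self, pkt: Packet) -> Optional[Packet]:
        """Translate an outside->inside packet, or return None if dropped."""
        fwd = self.forwards.get(pkt.dst_port)
        if fwd is not None:                      # explicit forward wins
            in_ip, in_port = fwd
            return Packet(pkt.src_ip, pkt.src_port, in_ip, in_port)
        key = self.inbound.get(pkt.dst_port)
        if key is None:
            return None                          # unsolicited: no entry, dropped
        in_ip, in_port, remote_ip, remote_port = key
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None                          # port-restricted: wrong peer, dropped
        return Packet(pkt.src_ip, pkt.src_port, in_ip, in_port)


def demo() -> dict:
    """Run the four cases a scanner on the outside would hit."""
    nat = Nat(PUBLIC_ADDR)
    camera = PRIVATE_NET + "20"                  # assumed IoT device
    # 1. The camera opens a connection outward; the reply is let back in.
    out = nat.send_out(Packet(camera, 50000, CLOUD, 443))
    reply = nat.receive_in(Packet(CLOUD, 443, PUBLIC_ADDR, out.src_port))
    # 2. A scanner probes the camera's telnet port on the public address.
    probe = nat.receive_in(Packet(ATTACKER, 12345, PUBLIC_ADDR, 23))
    # 3. The scanner guesses the mapped port but is not the mapped peer.
    wrong_peer = nat.receive_in(Packet(ATTACKER, 12345, PUBLIC_ADDR, out.src_port))
    # 4. After a port forward exists, the same probe reaches the camera.
    nat.forwards[23] = (camera, 23)
    probe_after_forward = nat.receive_in(Packet(ATTACKER, 12345, PUBLIC_ADDR, 23))
    return {
        "reply_reaches": reply.dst_ip if reply else None,
        "probe_dropped": probe is None,
        "wrong_peer_dropped": wrong_peer is None,
        "forwarded_probe_reaches": probe_after_forward.dst_ip if probe_after_forward else None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Cases 2 and 3 are the "some level of protection" in the post: with nothing forwarded, a remote scanner gets no packet to the device at all. Case 4 is the caveat: the moment a forward exists, the private address space is one hop away for the scanner, and the NAT contributes nothing further.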