NAT has nothing to do with security. What people confuse as security is the fact that NAT is always implemented in the form of NAT+filter, never as just NAT alone. So they think the security comes from the NAT part when in reality, it's the filter part that does the job of keeping the network secure. You can remove NAT and keep the filter and have exactly the same security with IPv6.
If there was such a thing as NAT _without_ a filter, your ISP could simply set a route to your private address space via your external router - since he's the next hop - and access your internal network freely.
If you think NAT has anything to do with security you're just an amateur who knows nothing other than his plastic blackbox "consumer" router, and draw conclusions from what he sees in the user interface of that thing.