NAT is not a security feature, it wasn't meant and it doesn't by itself add anything, except complicates communication.
You supposed to control access with firewall, and controlling security is much easier when computer/device has a routable address.
Though, IoT devices should probably be restricted of any Internet access based on their security track record (but again, this is orthogonal to being directly addressable).
While NAT does not provide perfect security, it is a component of security in networks where most people have no idea how to harden their systems or devices. It somehow gives me comfort to know that no one can just scan the net to find my phone, as I'm not sure if it would be vulnerable.
I still don't see a reason for the average consumer to have a static, reachable IP for their devices. I see privacy concerns but no advantages.
You supposed to control access with firewall, and controlling security is much easier when computer/device has a routable address.
Though, IoT devices should probably be restricted of any Internet access based on their security track record (but again, this is orthogonal to being directly addressable).