> NAT and stateful firewall are separate things
NAT is just one policy a stateful firewall can implement. I wouldn't call that separate.
> NAT is irrelevant to security
NAT is the single easiest to use policy on firewalls shipping today. And it's disturbingly
effective. That makes it quite relevant to security doesn't it?
As I've said on this very thread, I loathe NAT. I really hope IPv6 will do away with it.
And, again, here's the point: before it can, IPv6 needs to provide something better. Something
even more secure and even easier to administer. 
In the last 15 years of watching IPv6 gestate, I haven't seen any work on this front (I don't
follow v6 very closely anymore so it's entirely possible I've missed it; tell me if I have).
Maybe papers have been written, specs hammered out, names and policies standardized, and
Cisco/Linksys, F5, BI, Foundry, NS, etc are all in agreement. Maybe working software even
exists. If not, though, I'm afraid IPv6 has a lot of catching up to do.
It doesn't matter how advanced something is, it's worthless if it's not usable by the people
deploying it. That's why NAT is so popular. And *that* is where IPv6 needs to do better.
Just dismissing NAT as teh sux is to miss why it's been so successful. (Hint: the IPv4
shortage is not even an issue yet).
At this point, I feel like I've repeated myself again and am well on my way to looping back
for fourths. If my point still not clear, I apologize.
 NAT is pretty much optimal as far as ease of administration: on / off. Things go bad if
you need to transit weird protocols like SIP or non-PASV FTP of course. That's where IPv6
will really shine... if and when the industry starts making easy to use IPv6 firewalls.