I'm one of those "address-hiding security" fans - I've architected and deployed more than 7 million (currently operational) IPv6 nodes, 100% of them in RFC 4193 space. We have many layers of security: Link Layer Security, Application Layer Security, Firewall Security, IPsec Security, and App Transport Security, in addition to the non-routability security.
I've never understood security professionals who turn their noses up at the usefulness of using a non-routable IP address in your environment. It's always seemed self-evident to me that putting your resources on something like "192.168.1.5" - on an internal network, in addition to all of the other steps you take - would be yet another layer of defense that makes an attacker's life difficult. And, in an enterprise environment, I would rather optimize for security than ease of two-way communication with external entities.
Do you really NAT all those meters though? It seems much more likely to me that you only have one or two specialized ALGs running.
One-to-many NAT really makes an attacker's life easier in a lot of ways - at least as far as computer networks that support active users. NAT makes it much easier to hide from flow analysis and IDS, and the proliferation of NAT traversal and tunnels to escape NAT makes it much harder to spot rogue traffic. Let's not forget the classes of attacks that private v4 space has eased, like DNS rebinding and home router attacks.
It's interesting, the only network I knew of that was IPv6, aggressively secured and that many nodes is DISA, which definitely doesn't allow any public network traffic - and yet uses global address space.
Once again - "addressability != accessibility". I think the benefits of being able to reference the host even if for abuse tracking, or netflow cross-correlation, etc. - outweigh the obscurity advantages of NATs.
If I were concerned to have a diode-like gateway, I'd get a stateful firewall, or on Cisco boxes, configure the reflexive ACL. It comes for free with the base code, IIRC.
This all said - each individual network's mileage can vary, so we could argue till dawn - and I think we'd need to agree to disagree on the matter of the "security of NAT" :) If it makes someone sleep better - I think it's served its purpose. Much like throwing away the soda bottle before boarding the plane.