With hole punching, at least you have some amount of mutual recognition by using the same external server, and you get some amount of DoS protection from the server itself (though of course the server will likely support many more connections than your local system).
So in the end, aren't you more secure using a hole punch method for direct connections over the internet for P2P communication, even on IPv6?
No?
It sounds like you're reinventing authentication, badly. If you want to control which clients are permitted to access a service available, we have well-established ways of doing that. Dynamically messing around with the network and "hole-punching" is not one of them (unless you broaden that to mean VPNs, but if you want a VPN, use a VPN!). If you don't want anyone on the internet to be able to SYN/ACK to a TCP service you put on the internet, don't put it on the internet.
Also, insert standard soapbox speech here about how the contextless phrase "more secure" is meaningless. More secure against what? What's the threat or risk you're trying to control?
Having a public server on the path, which is what hole-punching does, helps with this, especially in the area of DDoS, since attackers first have to fool the hole-punch server before attacking any specific peer directly.
