There's that friction, but also blocking traffic in v6 is more complicated per se. v4 only has one kind of address, and it's really hard to mess up NAT in a way that causes a breach. In kind of a stupid way, it's secure by default.
Guess the most likely mishap is a bad router supports upnp and has it on by default, and a bad device maps an actually used port. No PC is going to do that, it'd have to be something like a cheap knockoff security DVR.
> blocking traffic in v6 is more complicated per se
I don't think that's the case. I think how you set your router/firewall rules with IPv6 is the same as with IPv4 aside from the addresses being longer.
> it's really hard to mess up NAT in a way that causes a breach
You can continue to use NAT with IPv6. I know that when I make the change, I'll still be using NAT, for convenience if nothing else.
