Even if NAT will be gone one day, the stateful firewalls won't. Every every home router would still ship with "deny all incoming" by default, and every corporate network would have the same setting as well.
Same as IPv4, IPv6 serving would still need registration with border device, either manual by user, or via UPnP-equivalent.
People naively assume the large IPv6 address space somehow hides your computer on the internet. That isn't true. Both because v6 host discovery is a solved-ish problem for attackers, and worms have near unlimited resources to throw at the wall.
But the effect of proliferation of cheap Wi-Fi routers with cheap dynamic NAPTs in conjunction with UPnP did to XP-era PC security - 100% agreed, it was like sunlight self-disinfecting brass door handles.