I know that NATs were not designed as security features, but I'm not sure if we want to have every device out there to have an IP address without NAT. I think that this would bear massive potential for botnets to take over older machines. And replacing NATs with firewalls would ultimately lead to the same problem with P2P.

It's unfortunate for people with more technical knowledge, but most people don't have that, and there is point protecting them from attacks (even if it's their fault that they didn't update).