Comment by poszlem
5 days ago
> Incoming HN downvotes because I'm not using the coolest latest technology.
"IPv6 just turned 30" - literally the first part of the post title.
The rest of the post is equally baffling; you are just clinging to a legacy bottleneck (NAT) that was never designed to be a security feature.
> never designed to be a security feature
It's virtually always used with some firewall rules, so it sort of is? It's just dogma to insist that there are no security benefits to having a single choke point for traffic.
It's almost always done in devices capable of being firewalls because many-to-few translations require stateful tracking. Firewalls already did that, so it was a natural place to apply NAT policies.
NAT also includes many-to-many and one-to-one translations, and those are just as easily implemented in anything routing with no extra memory and complexity required. This is sometimes referred to as symmetric NAT.
The firewall rules are what is providing the protection, by applying a policy that traffic must be initiated by a host on the "more trusted" network or whatever your preferred terminology is. That can happen without NAT and does all the time. Techniques for forcing translations have been well known as long as NAT, and there are probably some unobvious ones out there too. In the 1990s it was still common to get multiple IPv4 addresses if you went to the trouble of having ISDN or whatever, and they were equally protected by a firewall that did not do NAT.
The firewall is very much a separate thing, and part of the efforts to make v6 properly available for home customers was introducing a somewhat standard firewall setup that replicates what people think NAT does for security (and what NAT definitely does not do, if only by virtue of being broken by the classic connect/connect vs connect/listen connection).
The firewall is what is providing security, not NAT. And you can equally easily have a firewall in front of an IPv6 network.
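The "traffic must be initiated from the trusted side" policy the comments above describe, as an added example that is not part of the thread: a toy stateful filter that tracks flows the trusted network opened and drops unsolicited inbound packets, with no address translation anywhere. It works the same for globally routable IPv6 addresses and for public IPv4 addresses. The prefixes and addresses are constructed documentation ranges, the flow key ignores protocol and has no timeouts, and the `StatefulFilter`/`Packet` names are this example's own, not any real firewall's API.

```python
"""Toy stateful packet filter (added example, not from the thread).

Policy: a flow is allowed only if the first packet came from the trusted
prefix.  Replies to such flows are allowed; anything else inbound is dropped.
No NAT is involved: addresses are never rewritten, only compared.
Assumptions: flows keyed on (src, sport, dst, dport) with no protocol field
and no idle timeout; all addresses below are constructed documentation ranges.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class StatefulFilter:
    def __init__(self, trusted_prefix: str) -> None:
        self.trusted = ipaddress.ip_network(trusted_prefix)
        # Flows the trusted side opened; this is the same kind of state a
        # many-to-few NAT needs, but here it only drives the accept/drop decision.
        self.flows: set[tuple[str, int, str, int]] = set()

    def _from_trusted(self, pkt: Packet) -> bool:
        # ip_address in ip_network is False across address families, so a
        # v4 filter never treats a v6 source as trusted and vice versa.
        return ipaddress.ip_address(pkt.src) in self.trusted

    def handle(self, pkt: Packet) -> str:
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if self._from_trusted(pkt):
            # Outbound: record the flow so the reply can come back.
            self.flows.add(key)
            return "ACCEPT"
        if reverse in self.flows:
            # Inbound, but it matches a flow the trusted side initiated.
            return "ACCEPT"
        # Inbound and unsolicited: this is the "protection" people credit NAT with.
        return "DROP"


def run_scenarios() -> dict[str, list[str]]:
    """Same policy, IPv6 first, then public IPv4 with no translation."""
    results: dict[str, list[str]] = {}

    v6 = StatefulFilter("2001:db8:1::/64")  # constructed: the LAN's global prefix
    host, peer = "2001:db8:1::10", "2001:db8:ffff::1"
    results["v6"] = [
        v6.handle(Packet(peer, 40000, host, 22)),      # unsolicited SSH: DROP
        v6.handle(Packet(host, 51000, peer, 443)),     # LAN opens HTTPS: ACCEPT
        v6.handle(Packet(peer, 443, host, 51000)),     # reply to that flow: ACCEPT
        v6.handle(Packet(peer, 443, host, 51001)),     # wrong port, no flow: DROP
    ]

    # The 1990s setup from the thread: a block of public v4 addresses behind
    # a filtering router that does not translate anything.
    v4 = StatefulFilter("198.51.100.0/24")  # constructed: TEST-NET-2
    host4, peer4 = "198.51.100.20", "203.0.113.9"
    results["v4"] = [
        v4.handle(Packet(peer4, 40000, host4, 22)),    # DROP
        v4.handle(Packet(host4, 51000, peer4, 443)),   # ACCEPT
        v4.handle(Packet(peer4, 443, host4, 51000)),   # ACCEPT
    ]
    return results


if __name__ == "__main__":
    for family, verdicts in run_scenarios().items():
        print(family, verdicts)
```

The point the code makes is that the accept/drop decision depends only on which side opened the flow, never on whether the inside address is private or rewritten; a NAT box gets this behaviour for free because it already has to keep the same flow table, but the flow table is what does the filtering.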
NAT superseded IPv6 quite plainly, and it is obvious what technology won out.
Er… not at all. NAT and IPv6 are both very widely used, with IPv6 adoption steadily growing over time.
Only due to the mobile device space. It will not take off outside of wireless telco networks.
Take a look at the IPv6 Google graph that everyone loves so much:
https://www.google.com/intl/en/ipv6/statistics.html
You can clearly see an initial steep spike to the curve where mobile adoption was new and fierce, and then the curve starts slowly becoming less steep over the last 10 years. It will peter out and remain steady when mobile device adoption reaches critical mass.