> SNAT absolutely has intrinsic features that are utilized for security purposes.

Yes, but those features aren't there because they're security features. They're incidental to how NAT functions. It's not inherently secure. The intention of the design is to permit hosts on a network that is not Internet-routable to be able to send traffic that is Internet-routable. That's not a security feature. That's allowing traffic to pass that would ordinarily get black-holed.

> A statefull SNAT implementation itself has most of the characteristics of a "firewall".

Sure, but you should recognize that that's the same as saying a stateful SNAT implementation is an incomplete stateful firewall.

If your goal is to use private addresses, you should use NAT. The point is that if your goal is security, then you should configure a firewall.

Don't expect software that isn't designed to provide you security to provide you with any security.

If your ISP delivered you a packet with a destination address of 192.168.0.5, there's a good chance your router would deliver it to that device without consulting the port forwarding table. In this way, NAT isn't a firewall and you're relying on your ISP's routing policy as your actual firewall.