Because you have all the overhead of NAT plus losing functionality that cannot operate through NAT. If all you want is to have addresses that don't leave the local net, just do that.
You’ll lose weight in a famine but nobody would suggest it as a diet plan.
You can simply not route a specific range, no firewall needed.
NAT, on its own, doesn't provide security. At best, it provides obscurity. At worst, it breaks security [2]. NAT needs a properly configured firewall to provide security [1]. In this sense, NAT vs a Firewall is a false dichotomy.
These stateful devices have to look at all the traffic and maintain connection data for every transaction. That takes space and time and is bounded in volume.
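A toy model of two points made in the comments above (address translation alone is not a filter, and per-connection state is finite), as an added example that is not part of the thread. The `Gateway` class, its endpoint-independent mapping behaviour and the table size are assumptions for illustration; all addresses are from documentation ranges.

```python
class Gateway:
    """Constructed toy model: port-translating NAT with an optional stateful filter."""

    def __init__(self, public_ip, stateful_filter, max_entries=4):
        self.public_ip = public_ip
        self.stateful_filter = stateful_filter
        self.max_entries = max_entries      # state table is bounded
        self.mappings = {}                  # public_port -> (inside_ip, inside_port)
        self.flows = set()                  # (public_port, remote_ip, remote_port)
        self.next_port = 40000

    def outbound(self, src, dst):
        """Inside host src=(ip, port) sends to dst=(ip, port). Returns the public source."""
        port = next((p for p, s in self.mappings.items() if s == src), None)
        if port is None:
            if len(self.mappings) >= self.max_entries:
                return None                 # table full: the new flow cannot be tracked
            port = self.next_port
            self.next_port += 1
            self.mappings[port] = src
        self.flows.add((port, *dst))        # remember who the inside host talked to
        return (self.public_ip, port)

    def inbound(self, remote, public_port):
        """Packet from remote=(ip, port) to public_port. Returns inside target or None."""
        inside = self.mappings.get(public_port)
        if inside is None:
            return None                     # no translation entry: nothing to forward to
        if self.stateful_filter and (public_port, *remote) not in self.flows:
            return None                     # filter: only replies from contacted peers pass
        return inside                       # translation alone forwards to the mapped host


def demo():
    """Same traffic through a translate-only gateway and a translate-and-filter gateway."""
    results = {}
    for name, stateful in (("nat_only", False), ("nat_plus_filter", True)):
        gw = Gateway("203.0.113.1", stateful)
        pub = gw.outbound(("192.168.1.10", 5000), ("198.51.100.7", 443))
        reply = gw.inbound(("198.51.100.7", 443), pub[1])     # peer the host contacted
        stranger = gw.inbound(("192.0.2.99", 1234), pub[1])   # unrelated remote host
        results[name] = (reply, stranger)
    return results


if __name__ == "__main__":
    print(demo())
```

In this model the translate-only gateway forwards the unrelated host's packet to the inside machine, while the filtering gateway drops it; both stop accepting new inside sources once `max_entries` mappings exist.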