Because it was never intended as such and does not necessarily need to add any. The fact that many NAT implementations do add some security (by dropping inbound connections by default) is a side effect. I've seen NAT implementations that get it precisely wrong (consumer routers that set up .2 as the default DMZ), but that's still entirely valid.
But that is not a feature of NAT, that is a feature of a firewall (for example, it is possible to route incoming packets via the WAN as well as masquerade outgoing ones from the LAN - most people wouldn't even know their pants are down). It is a coincidence that home routers sometimes provide both leading people to conflate their firewall with their NAT system - but if a firewall is what is wanted (and is arguably the only valuable component), NAT is not the thing to ask for. Conflating NAT with firewalls also promotes the idea that NAT has a place in any network with abundant addresses. IMHO, it does not.
NAT will always have a place, because not everyone wants to expose a uniquely routable address for every device they own (probably based on a device's MAC address) to the world.
The simple and much more flexible answer to this is to have a firewall rule on the edge router that simply drops all packets to and from the hosts you do not want visible. Note that this is more flexible in that if you want some hosts visible and some not, you can do that. You cannot do that with NAT: you only have one port 80 and several servers for example.
In general, use the right tool for the job. NAT provides some blunt security features incidentally. It does not, for example, prevent your server from making connections to the outside world. The firewall is what is meant to be used to restrict traffic. That is its only job and it does that well.
Can you give an example that isn't based on security (since the NAT isn't providing that)? I can only think of short-term (undesirable) transition or load-balancing mechanisms - all of which have better long-term solutions (anycast, multicast, and dynamic service discovery, etc)...
What's with the widespread fixation against attributing any positive security attributes to Network Address Translation? It's like the old warning about NAT not being enough to protect a private network got cargo culted into a universal anti-NAT maxim.
What would you call it when a router at the edge of a private network presents a single IP to the world no matter how many devices are behind it, for privacy reasons?
No, using a firewall increases security. It just so happens that most routers which do NAT, also have a firewall. You are, in my opinion, confusing two functions provided by one device.
I'm willing to bet that any IPv6 capable router also has a firewall.
That doesn't increase security unless your baseline is broken. All NAT is potentially replacing from a security perspective is a single default drop (or default reject) rule, which should have been there to start with.
While it could be argued that NAT adds an extra layer to security-in-depth by making it harder to accidentally open things up by missing out the default drop/reject rule, but I'd argue that all the faf that NAT can create by making it difficult to arrange point-to-point connections where they are actually desirable is not worth that little bit of protection against failing to configure the firewall correctly.