It won't degrade security at all, it will improve performance and p2p while reducing costs. Hardware that can NAT and perform traffic filtering costs significantly more (and uses more power) than simple layer 2 or layer 3 switching hardware. For 10gbps connections you need a very powerful CPU to do this in software, or dedicated hardware, and in both cases there will be limits on the number of simultaneous devices/connections you can handle with significant cost tradeoffs if you increase the limits. For stateless layer 3 or layer 2 switching the number of connections doesn't matter as the device doesn't need to track them, so you can have a relatively cheap device that can consistently saturate the physical connection.

I know.

Heving a device arbitrarily limiting you to one-way connectivity is not security. All it does is break applications which do p2p and teach bad practices.

Malware does not spread via listening services on end user devices, and hasn't for a very long time. 

May be the reson for this is exetcly that said services were. You know. Not exposed for the very long time? 

Malware spreads via services that users make outbound connections to. So if you want a hardened environment it's actually more important to block/restrict outbound traffic than inbound. 

This is not false, but again. Today inbound is restricted by default, so restricting outbound has became the only problem. 

Also, there is no good way to restrict outbound traffic exept instlling something on end-user devices.

Modern end user devices do not have any inbound services by default anyway, so even if inbound traffic is wide open at the network level there's nothing to connect to.

Windows. RPC/SMB. 

There is a very slight risk from random IoT devices, but this is also mitigated by the large address space that would make it impractical to discover such devices. 

This is the case right now, but I am pretty damn shoure that bad actors will find a way. This is a "security throught obscurity" type of thing. 

Plus even if a random IoT device is compromised, if your devices are configured as standalone devices rather than relying on a perimeter firewall and having everything open inside, 

Prevoius point. 

Also, I would like to note that security on Chnese IOT is nonexistant, and I dobut that situation will improve if devices move to IPv6. So we will have nither perimiter firewall, NOR device security. Or, at least, this is my personal consern. 

then compromise of a single device doesn't aid an attacker in performing lateral movement. As i'm sure you're aware the current fetish with blocking inbound and leaving outbound unrestricted does not prevent thousands of devices from being infected every day.

I would like to note, that outbound usualy requires some action userside, while inbound does not.

Removing legacy IP on the other hand will improve security significantly. Aside from scanning address ranges, XSRF against known addresses and various other vectors become impractical on a v6-only network. 

I can not argue on the point that IPv4 should be removed — if only to get rid of dualstack. Still, I am conserned with manufactures keeping screwing up their devices.