It is, but mostly because popular operating systems have historically had poor application isolation and vulnerable services.
My personal opinion is that having to have a firewall everywhere in front of everything is a hack that was put into place because of awful OS security, and will become less important as OS security improves.
And/or you just substitute a NAT that happens to also function like a firewall with a proper firewall. The router could do the same sort of filtering as NAT would entail, but not require a hacky NAT table.
Or rephrased: it's not possible to implement "working" NAT without a stateful firewall, but the lack of NAT doesn't imply it's impossible to deploy a stateful firewall.
(It would be interesting to research where this "can't have a stateful FW without NAT" meme came from. It is VERY popular among everyone but network guys)
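Added example, not part of the original thread: a toy model of the point made above, showing that a default-deny stateful filter needs only a flow table, while NAPT is that same table plus address rewriting. The class names, the port allocator and all addresses (documentation ranges and a private 10.x host) are constructed for illustration; timeouts and TCP state are left out.

```python
from typing import NamedTuple, Optional


class Flow(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    def reply(self) -> "Flow":
        # The packet the remote end would send back on this flow.
        return Flow(self.proto, self.dst, self.dport, self.src, self.sport)


class StatefulFilter:
    """Allow outbound, allow replies to tracked flows, drop everything else."""

    def __init__(self) -> None:
        self.tracked = set()  # flows seen leaving the inside network

    def outbound(self, pkt: Flow) -> Flow:
        self.tracked.add(pkt)
        return pkt  # forwarded with addresses untouched

    def inbound(self, pkt: Flow) -> Optional[Flow]:
        # Pass only if this is the reply to a flow an inside host opened.
        return pkt if pkt.reply() in self.tracked else None


class Napt(StatefulFilter):
    """The same flow table, plus a mapping used to rewrite addresses."""

    def __init__(self, public_ip: str) -> None:
        super().__init__()
        self.public_ip = public_ip
        self.next_port = 40000  # constructed allocator, one port per flow
        self.inside_for_port = {}

    def outbound(self, pkt: Flow) -> Flow:
        port, self.next_port = self.next_port, self.next_port + 1
        self.inside_for_port[port] = (pkt.src, pkt.sport)
        return super().outbound(pkt._replace(src=self.public_ip, sport=port))

    def inbound(self, pkt: Flow) -> Optional[Flow]:
        if super().inbound(pkt) is None:
            return None  # the filtering decision is made by the flow table
        ip, port = self.inside_for_port[pkt.dport]
        return pkt._replace(dst=ip, dport=port)
```

The drop decision in `Napt.inbound` comes entirely from the inherited flow table; the translation map only decides where an already-accepted packet goes.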