While this isn't the place to discuss security philosophy in depth, let me ask you how you'd feel if someone came to your residence and tested out all of your doors and windows? Wouldn't you feel more secure if they simply left your place alone? That's what a port scan is: the testing of your doors and windows. A stealthed router simply doesn't respond at all to a port scan, and the bad guy has no way of being sure that your public IP address is even being used.
There are lots of bad guys out there too. If you configure your NAT router to log all dropped incoming packets, you'll see that there are ongoing attempts 24/7 to find open service ports, presumably to exploit them if possible. So, IMHO, it provides an added layer of security to operate in stealth mode. Stealth mode also prevents information leakage of the kind that utilities like nmap can exploit (nmap.org). The packets that your router sends in response to a closed port probe can contain unintended information in them. That's how nmap identifies a router's operating system, right down to its version number. As a matter of fact, one brand of router was accidentally sending back its logon credentials in the body of its return packets, because it was sending whatever was left over in a local buffer instead of clearing the buffer to zero first.
In short, non-stealthed routers provide information to the bad guys that I'd rather not let them have. The self-styled purists who mumble something about old RFCs written back in the 1980's are in fact living in the 1980's. Stealthing is a Good Thing™ for residential routers. Use it when possible!
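The dropped-packet log mentioned above can be summarized per source to see which hosts are sweeping ports. This is an added example, not part of the original post; it assumes the router writes Linux netfilter LOG lines with a `DROP-IN: ` prefix (a hypothetical prefix), and every log line below is constructed using documentation address ranges.

```python
import re
from collections import defaultdict

# Constructed sample lines in Linux netfilter LOG format. The "DROP-IN: "
# prefix and all addresses (RFC 5737 ranges) are assumptions for this example.
SAMPLE_LOG = """\
Jan 12 03:14:01 router kernel: DROP-IN: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=44 TTL=241 PROTO=TCP SPT=54321 DPT=22 SYN
Jan 12 03:14:01 router kernel: DROP-IN: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=44 TTL=241 PROTO=TCP SPT=54321 DPT=23 SYN
Jan 12 03:14:02 router kernel: DROP-IN: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=44 TTL=241 PROTO=TCP SPT=54321 DPT=80 SYN
Jan 12 03:14:02 router kernel: DROP-IN: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=44 TTL=241 PROTO=TCP SPT=54321 DPT=443 SYN
Jan 12 03:20:40 router kernel: DROP-IN: IN=eth0 OUT= SRC=192.0.2.55 DST=203.0.113.10 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=23 SYN
Jan 12 03:20:43 router kernel: DROP-IN: IN=eth0 OUT= SRC=192.0.2.55 DST=203.0.113.10 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=23 SYN
Jan 12 03:25:10 router kernel: DROP-IN: IN=eth0 OUT= SRC=192.0.2.99 DST=203.0.113.10 LEN=84 TTL=49 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Jan 12 03:26:00 router dhcpd: lease renewed for 192.168.1.20
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; bare flags like SYN are ignored

def parse_line(line, prefix="DROP-IN: "):
    """Return (src, proto, dport) for a dropped-packet line, else None."""
    if prefix not in line:
        return None
    kv = dict(FIELD.findall(line.split(prefix, 1)[1]))
    if "SRC" not in kv or "DPT" not in kv:  # e.g. ICMP carries no port
        return None
    return kv["SRC"], kv.get("PROTO", "?"), int(kv["DPT"])

def summarize(log_text, scan_threshold=3):
    """Flag sources that probed >= scan_threshold distinct ports; count hits per port."""
    ports_by_src = defaultdict(set)
    hits_by_port = defaultdict(int)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, proto, dport = parsed
        ports_by_src[src].add((proto, dport))
        hits_by_port[(proto, dport)] += 1
    scanners = sorted(s for s, p in ports_by_src.items() if len(p) >= scan_threshold)
    return scanners, dict(hits_by_port)

if __name__ == "__main__":
    scanners, hits = summarize(SAMPLE_LOG)
    print("sources sweeping multiple ports:", scanners)
    for (proto, port), n in sorted(hits.items(), key=lambda kv: -kv[1]):
        print(f"{proto}/{port}: {n} dropped probe(s)")
```
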