I'm in violent agreement with the idea that exposing the NAS to the Internet is a bad idea.
But. Please follow along for a minute so I can make a point.
I am going to assume - possibly incorrectly, though it is irrelevant - that you feel a NAT gateway is protection of some sort. I note in particular that FreeNAS has been made somewhat dependent on network services such as DNS, SMTP, NTP, etc.; this basically ends up as a reason for people to justify giving their FreeNAS limited connectivity to the Internet. Most home networks are not fortunate enough to have lots of infrastructure deployed. In fact, we very strongly encourage NAS users to set up e-mail to handle proactive problem reports from SMART or daily or whatever.
That design decision may eventually have an unintended consequence. In the New World Order of IPv6, NAT is an evil concept. The correct design to deploy a FreeNAS box would be to deploy it on an IPv6 ULA or other unrouted network. For a site with network infrastructure services like DNS, SMTP, NTP, etc., that's all very workable and is parallel to existing deployments using RFC1918 space for private storage and management networks.
However, we will reach a point where IPv6 users need to deploy a NAS, and plop it on their IPv6 /64 that their ISP handed them - possibly without an intermediate firewall.
So here's my point. Regardless of our agreement that exposing the NAS to the Internet is a bad idea, failure to acknowledge and plan for this eventuality, which is going to happen under IPv6, is a bad thing. Even the sharpest admin occasionally makes a mistake, so at some point a FreeNAS box will be exposed to the IPv6 public Internet.
While I do not regard many of the automatically generated self-protecting firewalls as being worth much, I think there's substantial opportunity in the highly controlled FreeNAS appliance environment to automatically generate and deploy a fairly strong firewall.
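As an added example (not part of the original post and not FreeNAS code), here is one way an appliance could detect that it has picked up a globally routable address and generate a default-deny ruleset that only admits its private on-link prefixes. The pf rule syntax as output target, the interface name `em0`, the sample addresses (2001:db8::/32 stands in for an ISP-assigned /64) and the service ports are all assumptions made for illustration.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")            # RFC 4193 unique local
LINK_LOCAL = ipaddress.ip_network("fe80::/10")
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: addresses as they might appear on the NAS interface.
SAMPLE_ADDRS = ["fe80::1234:56ff:fe78:9abc/64", "fd12:3456:789a:1::10/64",
                "2001:db8:0:1::10/64", "192.168.1.10/24"]

def classify(iface_addr):
    """Return (scope, on-link network) for an 'address/prefixlen' string."""
    iface = ipaddress.ip_interface(iface_addr)
    ip = iface.ip
    if ip.version == 4:
        scope = "rfc1918" if any(ip in n for n in RFC1918) else "public-v4"
    elif ip in LINK_LOCAL:
        scope = "link-local"
    elif ip in ULA:
        scope = "ula"
    elif ip in GLOBAL_UNICAST:
        scope = "global"
    else:
        scope = "other"
    return scope, iface.network

def exposed(addrs):
    """Addresses that are reachable from the Internet unless something filters."""
    return [a for a in addrs if classify(a)[0] in ("global", "public-v4")]

def pf_rules(ifname, addrs, tcp_ports):
    """Default-deny inbound; admit services only from private on-link prefixes."""
    ports = "{ " + ", ".join(str(p) for p in tcp_ports) + " }"
    rules = ["block in log all",
             "pass out all keep state",          # outbound DNS, SMTP, NTP still work
             f"pass in quick on {ifname} inet6 proto icmp6 all"]  # neighbor discovery
    for a in addrs:
        scope, net = classify(a)
        if scope in ("ula", "rfc1918"):          # never the global /64
            fam = "inet" if net.version == 4 else "inet6"
            rules.append(f"pass in on {ifname} {fam} proto tcp "
                         f"from {net} to any port {ports}")
    return rules

if __name__ == "__main__":
    for a in exposed(SAMPLE_ADDRS):
        print(f"# WARNING: {a} is globally routable")
    print("\n".join(pf_rules("em0", SAMPLE_ADDRS, [22, 445])))
```

With the sample input, the global address is reported but no rule admits traffic from its prefix, so services stay reachable only from the ULA and RFC 1918 networks.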