I've just seen zero evidence of exploits being an issue worth worrying about when dealing with a private network that is NATed behind a firewall. My machines aren't just sitting out there on the wide open internet.
It's much more common than you think. Once an attacker/malware gets access to a machine somewhere on your network (or at the perimeter), it becomes easier to pivot from that machine to others on your LAN. A NAT'd connection won't necessarily protect you.
Also don't forget UPnP. I had a printer taken over because it had exposed itself via UPnP. Fortunately, printers were all on their own DMZ so it was contained (my point about layered security wins here).
Excellent example and one which is not uncommon. A lot of people focus their efforts on hardening their PCs and servers, but forget about every other device connected to their network, i.e. printers, IP cameras, TVs, network-connected amplifiers, IoT thermostats, etc. There are essentially small PCs inside each of those and once they are popped, they are a gateway into your LAN. As b139 explained, they don't need to be on a public IP address to be vulnerable.
Aside from hardcore nerds, how many people do you think bother regularly checking for updated firmware on those types of devices?
But even that isn't enough. I can't remember the last time new firmware came out for my printer or TV, which is why a layered security model (even for a home) is important. Devices like the ones I described have no business being on your trusted internal LAN.
If all anyone had to do was place a router/firewall in between their network and the internet to remain secure, everyone and every business would be doing it. Unfortunately, in reality, that's not how it works.
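The UPnP exposure mentioned in this thread can be audited on your own gateway. The sketch below is an added example, not part of any post above: it parses port-mapping entries in the shape an IGD's WANIPConnection `GetGenericPortMappingEntry` action returns and flags forwards that break a segmentation policy. The sample responses, the device segment `192.168.50.0/24` and the approved list are constructed assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

FIELDS = ("NewExternalPort", "NewProtocol", "NewInternalPort", "NewInternalClient",
          "NewEnabled", "NewLeaseDuration", "NewPortMappingDescription")

def parse_mapping(soap_xml):
    """Extract one port-mapping entry from a GetGenericPortMappingEntry response."""
    found = {el.tag.rsplit("}", 1)[-1]: (el.text or "").strip()  # drop XML namespace
             for el in ET.fromstring(soap_xml).iter()}
    missing = [f for f in FIELDS if f not in found]
    if missing:
        raise ValueError(f"incomplete mapping entry, missing {missing}")
    return {f: found[f] for f in FIELDS}

def audit(mappings, device_nets, approved):
    """Return (mapping, reasons) for every enabled mapping that breaks policy."""
    nets = [ipaddress.ip_network(n) for n in device_nets]
    findings = []
    for m in mappings:
        if m["NewEnabled"] != "1":
            continue  # disabled entries forward nothing
        client = ipaddress.ip_address(m["NewInternalClient"])
        key = (str(client), int(m["NewInternalPort"]), m["NewProtocol"].upper())
        reasons = []
        if any(client in n for n in nets):
            reasons.append("forwards into device segment")
        if key not in approved:
            reasons.append("not on approved list")
        if m["NewLeaseDuration"] == "0":
            reasons.append("permanent lease")  # 0 means the mapping never expires
        if reasons:
            findings.append((m, reasons))
    return findings

def _sample(ext, proto, client, port, lease, desc, enabled="1"):  # constructed data
    body = "".join(f"<{k}>{v}</{k}>" for k, v in zip(
        FIELDS, (ext, proto, port, client, enabled, lease, desc)))
    return ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
            '<u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
            + body + "</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>")

SAMPLES = [_sample(9100, "TCP", "192.168.50.20", 9100, 0, "printer"),
           _sample(51820, "UDP", "192.168.1.10", 51820, 3600, "vpn"),
           _sample(8080, "TCP", "192.168.1.77", 80, 3600, "cam", enabled="0")]

if __name__ == "__main__":
    parsed = [parse_mapping(x) for x in SAMPLES]
    for m, why in audit(parsed, ["192.168.50.0/24"], {("192.168.1.10", 51820, "UDP")}):
        print(m["NewInternalClient"], m["NewExternalPort"], m["NewProtocol"], "; ".join(why))
```

On the constructed data only the printer mapping is reported, for all three reasons; the approved VPN forward and the disabled camera entry are not.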