ammo,

first let me qualify my previous response by stating that I was referring to NAT as a 1-to-1 static translation and PAT as a many-to-1 translation.

to answer your question, NAT itself does not keep connection info in a state table as you stated. A static NAT simply translates an RFC 1918 IP address to a public IP address so it is routeable across the internet. This also means that a 1-to-1 translation could work in reverse. So a host on the Internet could send data to a private host by using the NATed address instead of the private IP. Even if there is no connection established.

When doing a static 1-to-1 NAT NO level of security is provided unless there is also a firewall in place.

refer to the following link:
http://computer.howstuffworks.com/nat3.htm

"In specific circumstances, Static NAT, also called inbound mapping, allows external devices to initiate connections to computers on the stub domain. For instance, if you wish to go from an inside global address to a specific inside local address that is assigned to your Web server, Static NAT would enable the connection."