Indeed, IPv6 is a possible entry point for pen testers, as plenty of admins will leave IPv6 enabled, but not bother to set up ip6tables. Plenty of software is set up to bind on "all interfaces", which includes your link-local address. Fortunately, it takes some effort to scan the link-local address space. But if they are based on MAC, and you can just ask for the MAC of the host via ARP...
Yup. iptables should really have a "figure out how to mirror this" mode, since 99% of iptables rules can be translated to ip6tables rules by sprinkling 6s around, and almost everyone screws it up initially.
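A defender-side check for the gap described in the two comments above, as an added example that is not part of the thread: it compares the filter table of an `iptables-save` dump with an `ip6tables-save` dump and reports chains whose IPv6 policy is weaker, family-neutral rules that have no IPv6 copy, and rules that need a hand-written IPv6 equivalent. The function names and both sample dumps are constructed for illustration.

```python
import re

# Rules naming an IPv4 literal or ICMP need a hand-written IPv6 equivalent.
FAMILY_SPECIFIC = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b|icmp", re.I)

def parse_save(dump):
    """Return (chain policies, rules) for the filter table of a *-save dump."""
    policies, rules, table = {}, [], None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif table != "filter":
            continue
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A "):
            rules.append(" ".join(line.split()))
    return policies, rules

def audit(v4_dump, v6_dump):
    """Compare an iptables-save dump against an ip6tables-save dump."""
    p4, r4 = parse_save(v4_dump)
    p6, r6 = parse_save(v6_dump)
    # A chain absent from the v6 dump keeps the kernel default policy, ACCEPT.
    weaker = sorted(c for c, pol in p4.items()
                    if pol == "DROP" and p6.get(c, "ACCEPT") != "DROP")
    manual = [r for r in r4 if FAMILY_SPECIFIC.search(r)]
    missing = [r for r in r4 if r not in manual and r not in r6]
    return {"weaker_policy": weaker, "missing": missing, "manual": manual}

# Constructed sample dumps (not taken from any real host).
V4 = """*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 5432 -j ACCEPT
COMMIT"""
V6 = """*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT"""

print(audit(V4, V6))
```

On a live host the two inputs would come from `iptables-save` and `ip6tables-save`; the match is textual, so rules that differ only in option order are reported as missing.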
I've got a bit of a headache right now, but IIRC the second remotely exploitable OpenBSD bug was because they had IPv6 enabled by default. There are a lot of grues lurking in there.
The parent wasn't just implying it being enabled, but also likely buggy in the implementation as well. E.g., maybe an overflow with the next header implementation.