I run numerous servers (web, mail, etc) on the big, bad internet without any firewall at all. There is no problem. A firewall simply cannot protect you from insecure applications anyway. In other words, on my mail server only port 25, 465, 143, 110, 993, and 995 are even open and I want them open. Hence iptables does nothing. Even if iptables was running it would do nothing to protect the server from being attacked through these services.
Understand your point, but it's really irrelevant.
The vendor should be delivering an operating system containing iptables and the matching kernel modules to permit the user to set up a firewall if they so choose. The decision to set up a firewall (or not) is of course the user's, but the software as delivered by the vendor should make "yes" a possibility without requiring software updates.
I also disagree with your position that your approach is sufficient, but that's a whole other discussion I'd prefer to not get into. It's clear your mind is made up that no firewall is needed.
I might add that the rc7 updated kernels look great. Now if iptables was just in the vanilla distro so no apt-get was needed :-)