You can't be seriously claiming that someone is port scanning my /48 that I've had since the early 00s? Over a typical slow internet connection that would take rather a long time to find my printer. Lets say you slammed my couple megabit cablemodem with a million address probes per second (yes I'm well aware thats impossibly high). It would only take you 38 billion years of continuous scanning to find my printer. I'll even give you credit that most people are using just a couple (obvious) /64 inside their /48. Assuming my math is correct it would take a mere half a million years per /64, so figure a couple million years and you'll own my home lan...
As soon as some random website's PHP script publishes your IPv6 address, there goes your security.
Assuming your IP address will remain secret seems naive.
Also, this assumes your IP address within your /48 is randomly chosen. Common user choices (or router implementations) might not default to random choices, or the randomness might not actually be very random.
... for example if the IPv6 address is autoconfed from the MAC address, then you can exploit the structure of the MAC address to target a much smaller range of address suffixes, specific to the manufacturer of your target device(s).
