For the "Default to use NAT" thing, I think this might have something related to ISPs.

There's some ISPs that support direct internet connection (i.e.: connect without need to sign in). If the default connection type is "bridged" connection, the local DHCP server would just assign a public IP to the VM too. Since most DHCP in building's network control room have only assigned public IP numbers near to the actual subscribers, if each user have 1 VPC instance running (wthut boardband sharing router in between) the local IP pool would soon be exhausted.

Of course, hiding behind NAT has firewalled like effect is another advantage,