EUI64 means that random space is effectively reduced to just 48 bits of real entropy, <40 bits if you start making assumptions about device vendors. For example, maybe the attacker has a VMware exploit: enumerating that OUI (00:50:56) leaves them with just 24 bits of address space to scan, a measly 1GiB of traffic.
It's security through obscurity at best, i.e., not security. You shouldn't be relying on size of address space to protect you from anything. An IDS/IPS that alerts on abnormal ICMP behavior will be useful whether an attack is 1GiB of traffic in size or 1024EiB of traffic in size. (Also, you don't even need automated scanning to find some juicy targets: I've seen a lot of routers on the edge of a prefix configured at ::1/64 and ::2/64, for instance.)
Most systems aren't using EUI64. Within a subnet, they're using random addresses per RFC 4941. So, if I've got a /64 IPv6 allocation (which I do right now), that means I've got 64 bits of randomness to play with. Right now, my macOS system has four publicly-routable IPv6 IPs, all of which were randomly-generated, and which regularly regenerate.
I did not have to do anything to get this. My macOS system has IPv6 set to Automatic. My home ASUS router picks up the /64 allocation from my ISP, passes the info on to things on the LAN, and acts as a firewall for IPv6 (while continuing to act as a NAT for IPv4).
I don't see what's wrong with the outside knowing your local IP addresses. But I absolutely wouldn't want EUI64 encoding my device vendors in the addrs.
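An added example, not part of any comment in this thread: a small audit script that checks your own address inventory for the interface-identifier patterns discussed above (EUI64 identifiers that embed a MAC and its vendor OUI, and low static identifiers such as ::1 and ::2). The function names, the 16-bit "low static" threshold and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

def classify_iid(addr: str) -> dict:
    """Classify the low 64 bits (interface identifier) of an IPv6 address."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    # Modified EUI-64 inserts ff:fe between the two halves of the MAC.
    # A random identifier matches by chance about once in 2**16 addresses,
    # so treat a hit as "very likely EUI64", not as proof.
    if iid[3:5] == b"\xff\xfe":
        # Undo the universal/local bit flip to recover the original MAC.
        mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
        mac_str = ":".join(f"{b:02x}" for b in mac)
        return {"addr": addr, "kind": "eui64", "mac": mac_str, "oui": mac_str[:8]}
    # Hand-assigned identifiers such as ::1 or ::2 (assumed threshold: < 2**16).
    if int.from_bytes(iid, "big") < 0x10000:
        return {"addr": addr, "kind": "low-static"}
    # Anything else looks opaque from outside (e.g. RFC 4941 temporary addresses).
    return {"addr": addr, "kind": "opaque"}

def audit(addrs):
    """Return only the addresses whose identifier is guessable or leaks a vendor."""
    return [r for r in map(classify_iid, addrs) if r["kind"] != "opaque"]

# Constructed sample inventory using the 2001:db8::/32 documentation prefix.
SAMPLE = [
    "2001:db8:0:1:250:56ff:fe12:3456",   # EUI64, MAC under OUI 00:50:56
    "2001:db8:0:1::1",                   # router-style static address
    "2001:db8:0:1:9c4e:21b7:5a03:e8d1",  # random-looking identifier
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
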