For static inbound 443 should be dropped by the basic home user's default carrier modem setup, only outbound initiated should be allowed. I'm sure there are some bad home implementations that don't do this by default, as there are on IPv4, but as you say for most users it comes down to if the provider's default config is bad or not. For more advanced users they can check and correct the default config if it is bad.
For dynamic it's not really any different than dynamically opening ports on IPv4, it's convenient for things like peer to peer communications and inconvenient for security but a lot more the former than the latter so most actually want it. For the static case then you get what you ask for, if it's static then you specifically put effort into making it reachable so if you don't want it to statically be reachable to everything then just don't statically make it reachable to everything.
For dynamic it's not really any different than dynamically opening ports on IPv4, it's convenient for things like peer to peer communications and inconvenient for security but a lot more the former than the latter so most actually want it. For the static case then you get what you ask for, if it's static then you specifically put effort into making it reachable so if you don't want it to statically be reachable to everything then just don't statically make it reachable to everything.