The /30 when used as a gateway to a network does not need to be public. You won't be able to reach those specific interfaces from the general internet (so things like traceroutes will look odd), but that's not really an issue.
Now in regards to your comment about NAT being more secure... unless it's many-to-one, it's not any more secure. NAT is meant to emulate the behavior of publicly-addressed networking, so the security still comes down to the firewalling you employ to protect those assets. A poorly firewalled NAT translation is less secure than a well-firewalled public address.
The only time a NAT translation is desirable from a security standpoint is when it's a many-to-one NAT situation where one public gateway address handles translations for everything behind it. This is the typical case for residential Internet connections. Even then, a well-crafted firewall rule set will accomplish the same level of security. Normally NAT in non-residential setups (specifically one-to-one NAT) just adds a layer of complexity, not necessarily security.
__________________
Network Firefighter
|