Security Issues:

The security section is, if anything, too detailed, as it describes attacks that are not meaningful to the security of the system.  I would shorten this section.

The privacy considerations are important and are described appropriately.  It might be worth adding a note that privacy-conscious clients should consider not implementing this specification.

Other topics:

I was not able to see why prefix requests "MUST" be short enough for SLAAC.  Why would a host perform SLAAC within its own exclusively allocated prefix?  If the host is acting as a router for a network containing SLAAC clients, it can request a larger prefix, but why is this mandatory for all hosts?