Secure access to NAS over the Internet

To the exception of some services like readyNAS remote or bittorent sync you will need to do port forwarding. If you don't trust Netgear servers then a VPN is one of the best options IMO (avoid PPTP which is not secure at all, but L2TP/IPsec, SSL or openVPN should do fine). With a VPN you would be like in your home network, so AFP / SMB are possible. I like bittorent sync, but an rsync job would do the trick pretty well too for backup like any other sync software.
As for NAT, it is only needed when you switch IP address range, so depending on how is configured the VPN you will need to add a NAT entry or not. For port forwarding, it depends on how you get to the NAS. If the NAS IP address is directly accessible (same subnet or routed), port forwarding is unnecessary, if this address is shielded behind another one, you will need to forward.

Now I'd like to know what you call "secure". Security is made from confidentiality (only authorized person have access), integrity (data is as it should be, no unwanted change) and availability (data is accessible when needed).
So if you really want to secure things, you will need to see much more that what you already spoke about.

Given the options proposed, I would privilege bittorent sync + VPN. Owncloud (used without VPN) will require a port forward that will give direct access to the server (which is the NAS I guess ? ) and you seem to want to avoid ReadyCloud services. Anyway VPN + a sync service is a good option, not bullet proof though as if a file is erased from bittorent sync source, it will be erased from destination too. If you use this I would advise to configure bittorent sync to peer with only one IP so that nothing will be sent in clear through internet as bittorent sync is able to pass firewall so the two machines may be able to communicate even without port forward. I'm not sure if bittorent sync has some cyphering protocol or not, so in doubt I would make sure that you use VPN to secure it.