I know you said you don't want 7, but seriously...XP isn't even supported by MS anymore (I don't think).
You're just asking to be attacked, lol.
I have a system on which I run XP SP2,
no additional patches at all!
And yet
I'm not concerned at all! That's because the only time I let XP itself out to the Internet was to activate it. Other than that, it works fine OOTB, I don't need any of Microsoft's security patches. I also infrequently enable Internet access for the machine to allow the few Windows programs I run to check for their own updates.
We don't know how the thread starter intends to use XP. If he's behind a firewall, on a non-Microsoft LAN (so XP won't be attacked locally), and doesn't access the Internet using XP, he will be OK.
I'm certainly not about to give MSFT hundreds of $$$s just to upgrade to Win 7, when XP works just fine for what I need it for.
OTOH, if Win 7 dropped the constant check-ins to the mothership just to see if the software is "genuine", and if they only charged $30, then I would be much more willing up upgrade. But that's not their current business model.