That’s the big issue w/respect to WinXP: drivers. You’re beholden to the vendors to supply drivers for contemporary hardware that are backwards compatible with legacy O/S WinXP.
Case in point: SATA drives in WinXP. Not that it can’t be done, but there will be additional hoops to jump through.
The biggest problem will be w/respect to upgrading the motherboard down the road. The device drivers specific to contemporary motherboard may not be WinXP compatible. Peripherals may become obsolete if large volume sales haven’t been realized by the vendor; drivers may not be available for now ‘legacy’ hardware.
That was an issue with a gfx card I ran into that previously ran fine in Win98SE. The BIOS had to be flashed for the gfx card to accomodate the newer method that the O/S hooks the hardware firmware; otherwise a blsckscreen during boot was encountered, i.e., the monitor would go into standby (requiring manual power off the monitor and turning back on).
With respect to the security model, the security flaws of XP are resolved and implemented in the base code for Win7. That being said, the O/S itself should never be considered the frontline defense from a security perspective. That is relegated to access control list, firewall, host intrusion prevention and anti-virus. With the inherent security of NTFS and group policy the Win7 is intrinsically more secure than WinXP.
My advice is to consider Win7 primarily for forward compatibility concerns. Yes, the large corporate IT environments have issue migrating to Win7, but that’s because they have larger issues at stake concerning security policy and implementation of software as dictated by such policy.