XP is only "insecure" if you're the kind of person who would download and run random executables without any real thought, or use IE on default settings.

The "treat the user like an idiot" "security" of newer Windows is precisely why I'm still using XP. I don't need a nanny of an OS. I rarely need to install new software anyway.

In fact I'd say that malware is increasingly going to target features found only in newer OSs... when the WMF exploit (remember that?) was going around, I was still using 98SE, which was completely unaffected by the exploit code since it used NT-specific features and attackers were targeting those OSs at the time. A lot of the rootkit-y stuff won't even run on 9x because of that.