I'm a high-level Windows engineer at a major IT services firm.
The answer is, it depends.
If you know how to be careful on the internet (never open email from unknown people, never open attachments/links that appear to redirect, even from friends; don't go surfing to sites of questionable repute, etc.) then you probably won't have a problem. The really big holes in XP were found and patched a long time ago. Future exploits are likely to be based on the USER doing something/allowing something they shouldn't, to run on their system.
Keep your AV up to date and make sure it's a good one. From the free options, I would stick with AVG or Avast. Having Malwarebytes also running is a good idea. There are a lot of AV reviews on the internet; read one of the AV comparison tests to see how yours fared.
With all that said... if you aren't aware of how redirects work and how easy it is to allow a malicious script... or find yourself off the beaten path on a regular basis because you just follow a trail of links and click click click... then it might be time for a switch.
Many XP systems will run Windows 7 well enough for typical surfing, email, and office apps. A decent processor and 1 GB of RAM and a dash of patience is all 7 needs. Had 7 on a Dell Latitude D400, Pentium M 1.3, 1 GB RAM. For WEB and EMAIL -- it was fine.
For many people, if they upgrade from XP to 7, they note the system is a bit slower overall but smoother. Fewer system freezes. Slow and steady sometimes beats the race, as it has been said.