There hasn't been a root exploit in XP for a couple of years now, which means if you are running as a user and not root, and you know what you are doing, XP should be fairly safe.
1. Run as a regular user and only elevate permissions when you need to
2. Make sure your directory permissions are locked down properly (there are guides to help you do this)
3. Turn off all unnecessary services
4. Run a 3rd party antivirus app - BitDefender Free is excellent
5. Regularly run rootkit detectors and a second on-demand scanner (I use Trend Micro)
6. Don't use IE, use Firefox with NoScript turned on
7. Don't use Flash, Adobe Reader or Java. Use Sumatra PDF for PDF viewing.
I keep a VM of XP around for running some old apps and reading my junk email account. I've been sent viruses and all sorts of junkware, and running the above config is pretty impervious to anything thrown at me. I can revert the image to its original state if something bad happens, and I've yet to have to do that.