Let's rephrase this a bit more realistically:
- Use Windows 7, and everybody with access to malware techniques from the last decade can get in, or
- Use Windows 10, and only the nation-state threats with access to the latest techniques or legal avenues will be able to get in.
Windows 10 integrates a lot of the malware mitigations that were either add-ons or unavailable for Windows 7. The default configuration also requires stronger security, and the system internals are much better hardened against malware compromising system integrity. In effect, whole classes of malware that could affect Windows 7 are ineffective on Windows 10.
I know it's Slashdot's fetish to think that the NSA really cares what websites you're visiting, and to think that you're all protecting the rights of freedom fighters around the globe, but really, using antiquated software just means that the barrier to entry is lowered. The NSA might not be able to pull your telemetry directly from Microsoft, but their regular old RATs and spyware will work just fine, along with the same kit from every hacker group around the world. Not only will the NSA still have access to your data, but so will everyone else.
If you actually want a secure system, opsec is still your best bet. Start with an isolated system for processing, keep it isolated, and use an airgapped (preferably with several walls and rooms between) system for communication. Never transfer electronic data, change service providers occasionally, relocate erratically, and follow all of those other paranoid guidelines that are more effective than "use old software".