Windows XP on it's own, behind Windows Firewall and a router firewall not doing anything too controversial may be fine. Where the risks become higher is when you have many machines across the network. That one host would lower the overall security of everything else around limiting the ability to disable weak protocols.

Backwards compatibility with Windows/AD has always caused issues with Active Directory becoming such a juicy target in the way system-to-systems interacted.