Depends on how much a creature of habit one is; one can experience a very great deal of what the internet has to offer within a relatively narrow range of known sites these days. *.google.com, en.wikipedia.org (and other sites run by the Wikimedia foundation), your own business relationships accessed directly via known URLs, etc.

OTOH, a late-in-cycle XP system purchased shortly before or after vista came out will be well in excess of what's needed to run Windows 7 properly, and the actual specs required to have a decent experience have not changed much in the past 6 1/2 years since Vista came out (~2ghz dual-core CPU [or 2.8ghz+ Pentium D], and a minimally-capable GPU*; the only big change is that while 2gb was fine for most people when 7 came out, it's kinda marginal now.)

[* which is basically the GMA 950 -- dating to 2006 as well -- at least on Windows 7; the 950 wasn't really adequate on Vista. ]

For desktops, there are some machines going back to Q2 2005 which are still fine, although I'd consider any laptop predating the Core 2s (late Q2 2006, IIRC) as not worth upgrading.

Also, $1200 is no longer "midrange" for anyone but an enthusiast, and those specs are specific to desktops. Laptops tend to be a good bit slower still, and outside of some niche uses, nobody much minds (although the very lowest-end machines are still IMO too low-end to recommend.) Also, as Chromebooks show, not everyone needs much local storage anymore -- a 2TB hard drive is nice if you have a lot of downloaded or ripped media files, or take a lot of photos (and don't use the cloud in the latter case)... it's overkill in most others.

I find it more useful for adblocking than for security, but given that some attacks DO come via ad networks (especially on some of the known adult and torrent sites; the unknown ones are likely to be hosting attacks locally!) it's a decent, if small, bit of security.

Whitelisting Javascript, if you can tolerate one of the solutions to do it, is a better solution.