Based on that, no the computers logging into the site cannot be compromised because of the XP system. The XP system, however, can and will be compromised the longer it's left attached to the Internet. Transplanting that XP install into a VM running on Linux, for example, would be a potential solution. If this is basically a mono-tasked computer, the fact that it might take a few extra seconds to load is inconsequential after it does load. Then if the XP VM is ever compromised, no big deal, just blow it away and restore the original image. As long as it's not being compromised so often it's practically a full time job restoring the image, all any potential attacker gains access to is the VM. It's one more layer of effort they'd have to go to in order to get to the main OS and there are plenty of other computers out there which are easier targets, not to mention most so-called "hackers" these days have very little in the way of actual technical skill. Those with any real skill are generally after much bigger targets than someone's security webcam. So as long as you don't do anything to put yourself on their radar, all you really have to worry about are idiots running automated scans who probably barely know how to turn a computer on and off.