Hello Jon,
At my workplace we also run XP on PCs and use a Terminal Server for employee access to the network. The TS runs 2008 R2, but our old network server runs 2003. In my situation the decision was made for us due to HIPAA concerns. Since 2003 server is no longer supported, we were in HIPAA non-compliance, so we hired a company to install a new Dell server with Windows 2012. This made sense at the time, but had I to do it all over again I would've pushed for 2008 for the new server rather than 2012 due to the nightmare we had moving AD to 2012.
To answer your question: if the mitigating factor is security, then yes, you should update to an OS that is still being supported rather than one that does not get updates anymore. I wouldn't go all the way to Windows 8 due to the large amount of training you'd have to do for the staff to use that OS and the cost for a brand new OS. And yes, I can hear the arguments already that 8 isn't that difficult to work with, but considering the people who will be using it got used to XP, 7 is much closer to XP than 8 will ever be, and if they are just using it to get to a server environment then why bother with the extra stuff on 8?
In your situation you would likely have to update XP AND Server 2003, as 2003 is already unsupported, I believe, and XP will be by April 2014.
Good Luck!
Hello, my name is Jon. I have a few questions that I am seeking advice on. At my workplace we are all running Windows XP and all our information is saved onto our server computer running Server 2003. My main question is, should we upgrade to a newer OS for security reasons? We have many prototype files and drawings that would devastate us if seen by an unwanted eye. Is it worth the money to upgrade to Windows 7 or 8? Also, to come with that upgrade, should we go from Windows Server 2003 to 2012 while we're upgrading? If so, can you tell me the security benefits from upgrading, or maybe some helpful tips? Thank you.
