More vulnerable than Vista? Citation please?
Kaspersky, who probably should know, as it's their business to do so:
https://blog.kaspersky.com/xp-eos-8apr-3/4417/
Running XP on internet-connected PCs is like driving with no insurance, saying that "it'll never happen to me, 'cos I'm a safe driver". Until you aren't, or are hit by something you didn't see coming.
Some of those computers were still using XP as late as this week.
Probably a sufficiently large organisation to have shelled out hundreds of thousands of pounds to MS to continue supplying security patches for XP!
SD