The problem with XP in a VBox guest machine is that if you have 10 computers running Linux, they are hard to compromise from outside the network. If one of them is running XP in the VBox and the XP gets compromised, this means that now they can attack the Linux machines from inside the LAN rather than from outside the WAN.
This may be dangerous.
Yes, this is a possibility. I stated earlier there is even the possibility of exploiting the host directly through the VM (although I'm not currently aware of any open issues, off the top of my head).
The real point (IMHO) is to balance awareness with paranoia, and I'll add to that functionality vs protection (by which I mean, if your AV solution makes your working environment non-productive, you have a choice to make -- stay protected and less productive/find an alternative, or risk infection and continue your current usage patterns).
There are, ultimately, no easy or right/wrong ones; and they need to be made individually...