In our experience at Stanford Redhat 5.1 has been a bigger security
problem than two-year-old Linuxes, in part because 5.1 is explicitly
looked for in order to exploit weaknesses in e.g. rpc.mountd. So even
you were on the net 24 hours a day you'd probably be pretty safe.
We have had a mix of RH 5.1, RH 5.2, and much older Slackware systems
on the net at the same time, and while all the 5.1 systems have been
compromised on at least two occasions each, nothing else has been touched.