Okay, I gave in. In fact, I actually ended up giving in around a week ago and left it updating during the last meeting of the day (I figured I had more than enough time to restore my Toshiba/M100 during the weekend if something went seriously wrong).
Surprisingly enough, it worked. It warned me about my anti-virus being out of date (by around 48 hours, as it turned out), instated an even more paranoid security policy (I usually leave Rendezvous and SSH ports open) and gave me a gaudy (and largish) Wi-Fi network selector.
Okay, to be honest, it mostly worked. But it didn't break a lot of the things I expected. My firewall log trick still applies, the Cisco VPN client didn't break, and a quick search around the skinning sites provided me with a new uxtheme.dll patch to get rid of the godawful XP/Chicco themes and use the extra-clean Watercolor theme.
Until, of course, I tried to run coLinux (which worked perfectly before the "upgrade") and figured out there is something fundamentally broken with Internet Connection Sharing (or the TAP driver I'm using). In short, I can SSH into the coLinux virtual machine, but cannot get it to connect outward through XP's NAT or even get an ICMP reply from XP.
Disabling the firewall (per interface or completely), rebuilding the ICS configuration, removing it or using netsh to configure an entirely new NAT configuration from scratch, nothing worked - not even nmapping the XP address from coLinux.
Then again, spending four hours trying to get this to work (even if a fairly relaxed four hours watching TV and sipping a mild Bombay Sapphire and tonic) does not bode well for SP2.