A. With the standard XP Mode provided with Windows 7, you have a Windows XP virtual machine (VM) that runs on your desktop. The VM needs to be kept secure through updates and malware protection, so this virtualized OS needs to be incorporated into your management approach. You have to maintain Windows 7 and the XP VM. In an ideal infrastructure, you'd have tools such as System Center Configuration Manager that can automatically patch your XP Mode VMs using the same technology that patches your Windows 7 desktop.
Going beyond XP Mode, you can use Microsoft Enterprise Desktop Virtualization (MED-V). MED-V builds on XP Mode by providing an XP (or Windows 7 or Windows Vista) virtual environment that's centrally managed. Your organization can manage a template VM, and then delta updates to that VM are sent out to desktops, minimizing the management overhead of the VM running on the desktop.
If you intend to use XP Mode, I seriously suggest you look at MED-V, which is part of the Microsoft Desktop Optimization Pack. It gives you a lot more control over your virtual environments and their integration with the main desktop.