I was reading up on Microsoft EMET and they noted that it won't have the same security benefits in a VM because of a lack of hardware Data Execution Prevention support in a VM, as opposed to a physical machine. So for example, if you have Win7 Pro and install the WinXP Mode virtual machine, your virtualized WinXP is significantly less securable than a physical WinXP would be.
This had an impact on my decision-making processes recently. I need to set up a system for a specific public-usage role at work. I thought "hey, why not throw Win7 onto a VM and then I can have it revert to my locked-down image every day." But if the VM doesn't support DEP, that's not good for security. Plus I'd need to update the VM's OS and re-save it periodically anyway. In the end, I went with Win8 Pro with a combination of Software Restriction Policy, Family Safety (fka Parental Controls), custom Group Policy courtesy of Microsoft Security Compliance Manager, and a Mandatory User Profile that reverts the user's profile at every logon.
And Stardock Start8 for everyone's sanity.
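A check worth running inside the guest before deciding whether EMET's DEP mitigation means anything there, added as an example and not part of the original post: it reads the documented DEP fields of the Win32_OperatingSystem WMI class, so it reports whatever NX/XD support the hypervisor actually exposes to that particular guest rather than assuming one way or the other.

```powershell
# Added example: report hardware DEP availability and the system DEP policy
# as seen from inside the guest OS. Get-WmiObject is used so it also runs on
# the Windows PowerShell 2.0 that ships with Win7.
$policyNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }

$os = Get-WmiObject -Class Win32_OperatingSystem
$cs = Get-WmiObject -Class Win32_ComputerSystem

$report = [pscustomobject]@{
    Manufacturer         = $cs.Manufacturer   # hints at the hypervisor vendor
    Model                = $cs.Model          # e.g. 'Virtual Machine' under Hyper-V
    DepHardwareAvailable = $os.DataExecutionPrevention_Available
    DepPolicy            = $policyNames[[int]$os.DataExecutionPrevention_SupportPolicy]
    Dep32BitApps         = $os.DataExecutionPrevention_32BitApplications
    DepDrivers           = $os.DataExecutionPrevention_Drivers
}
$report | Format-List

if (-not $os.DataExecutionPrevention_Available) {
    Write-Warning 'Hardware DEP (NX/XD) is not exposed to this OS; EMET''s DEP mitigation depends on it.'
}
elseif ($os.DataExecutionPrevention_SupportPolicy -eq 2) {
    Write-Warning 'DEP policy is OptIn: only opted-in processes are covered. Consider OptOut (bcdedit /set nx OptOut).'
}
```

Run it elevated in the guest; `bcdedit /enum {current}` shows the same `nx` setting the policy value reflects.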