Yes, it is a risk to install an old OS with known bugs. That goes for any OS: GNU/Linux, Windows, the BSDs, OS X, ...
This does not matter if you use the system as a standalone host, with no network connection and preferably no USB pen drives etc. If you do connect it to a network then you really want to install all security updates.
As for memory use: A lot depends on how you use the computer. A simple GNU/Linux install without a graphical interface should run fine on 16MB or 32MB of RAM. That is the OS, without any applications.
If you add X / KDE / Gnome then you want a lot more. And if you subsequently start a browser with a dozen open windows then you want even more. But even with a graphical interface you should still be able to get away with 256MB (as demonstrated by the recent Raspberry Pis, which only have 256MB and still run a graphical interface).
Lastly, RAM is there to be used. In normal use almost all RAM will slowly get filled. That is not a problem. (Example: disk cache).
Now if something gets this RAM and does not free it when asked, then you have a problem. But that is usually due to a leaky application (e.g. Flash).
1
Just use a distro designed for low-resource machines, like Puppy. It's between 100-256MB and was last released in May.
– embedded.kyle – 2012-08-02T18:47:50.013