If the gems you depend on does not work on new versions of rails, then it might be a sign that they are no longer actively being developed and maintained, which is probably a red flag for security. (Do you know which of your gems uses Yaml.load on potentially unsafe user input?)
Also, if you look at this (https://groups.google.com/forum/m/?fromgroups#!topic/rubyonrails-security/G4TTUDDYbNA), Rails 3.0 is actually NOT among the list of Rails versions that the core team currently issues security updates for. They have been taking care of 3.0 users for the last few severe CVEs, but as far as I can tell, there's no guarantee that it'll keep happening. And since Rails 4 is on the radar, even 3.1 would be bumped off some off those lists pretty soon. Also, as noted in the linked thread, Ruby 1.8 is reaching EOL soon.
So security wise, I think there's no question about Rails 3.2 + Ruby 1.9 + gems active maintained by trusted developers would be the best combo. You just gotta decided if you could afford to invest the time in upgrading. In light of the recent security issues, it probably is.