I didn't answer the original question from Jonathan:
1. Continue to enjoy the benefits of a Linux / Apache server, but run an older version of Wordpress (WP says earlier releases are less safe)
2. Or move to a Windows / IIS 6 server, and lose the benefit of Apache goodies like pretty permlinks, .htaccess files
Which option do you think I should go with, 1 or 2?
Given those options, I'd work with Apache 2 / PHP 5.2.3. I'm unfamiliar with the specific reasons Wordpress doesn't want to install on PHP 5.2.3. I would not try to hack this into an IIS configuration. I think you'll have more, not fewer, headaches and security risks.
That said, [I] simply refuse to work on environments I can't control and refuse to work with clients who won't pay for appropriate hosting environments. It's too much work, too little pay off, and too much likelihood of future failure. If you created this mess for yourself, you'll just have to do what you can. It's bad enough you'll have to deal with Wordpress security problems, but to throw a potentially unpatched Apache server in the mix is trouble you don't need now or in the near future. I would strongly reconsider moving forward without finding a new/better host.
I'm running PHP 5.3.X at this point, and think that's what most security scans consider "stable and safe."
Jason A. Nunnelley