Let's hope. A lot of people predicted that malware writers were sitting on exploits in Windows XP and would unleash a tsunami of malware on XP once it passed EOL. It never happened.
To me, there are two primary consequences. One, you will be out of compliance with a lot of regulatory laws like HIPAA and PCI because they demand a patched and up-to-date OS, which Server 2003 won't be. The other is that you spend so much money on workarounds to secure the server, like firewalls and intrusion detection, that you end up spending more money than if you just bit the bullet and migrated.