It is not that simple.
For hardware attacks, older hardware are probably safe since the attacks are specifics to some newer features. I really doubt you can deliver a Spectre attack on anything up until the Pentium or even later.
On the software side, there could be some security bugs to which some older version could be vulnerable since there were not the vulnerable code at the time. Granted, there could be some security bugs that were not yet discovered in older codebase.
Only real option is to crypt them before putting them on the VPS, but at this point a VPS is pretty useless.