Is it safe to use an outdated 2009 Mac desktop without updates?

The Mac Pro 42 lb tower can be upgraded to 10.13 High Sierra without any internal changes, and is officially supported for MacOS 10.14 Mojave with a Metal Graphics card installed.

That still leaves you about five years short of current security updates, and an increasing number of major software vendors and banking web sites are staring to get fussy about MacOS that old.

Safe? Depends on what you are doing.

However, a Mac from 2009 without updates, would probably be running macOS Leopard, and more than likely most websites will not work on the included Safari browser, nor would any sensitive activity like banking.

You'll also find that it's pretty close to imposible to download functional apps for anything on that model with no updates.

So while it's certainly very vulnerable, the fact you can't actually do much at this point, kind of reduces that potential vulnerability considerably.

SSL to TLS:

In 2015, researchers discovered that Secure Socket Layer (SSL) Internet encryption was not nearly as secure as was thought, and needed to be replaced. Internet encryption quickly moved to Transport Layer Security (TLS) which was rapidly deployed across the Internet. Over time, sites tightened requirements for what was acceptable for encryption.

Apple issued Safari version 9 in 10.11 El Capitan version of MacOS, which included TLS encryption. It was later provided by Security Update into the two previous versions of MacOS. 10.10 Yosemite and 10.9 Mavericks, PROVIDED you applied all available software updates.

MacOS versions older than those can not make a lot of secure [httpS:] connections on the Internet, because by todays standards, your proffered SSL encryption is considered inadequate.