You only _think_ it's okay in XP / 2003.
For several years now, Microsoft has been warning that this is a bad
feature, and that it will be deprecated in some future version of Windows.
Apparently, we are now living in the future that we were warned would come.
As to why this is a bad idea, here's one example:
The brief synopsis is that if a privileged process opens up a window on the
user's desktop, that's a hole punched through a security boundary, which
could be used to allow an exploit to elevate privilege quite easily (because
the window message queues were not designed to be a security boundary).
Jesper's suggestion to create your own RPC mechanism to communicate from
desktop to server and back hints at this; that you need to create a secure
means of allowing data to cross that security boundary.