Firstly, some context would perhaps be helpful…
iPad2, iPad3 and iPad mini1 can only be updated to iOS 9.3.5 (WiFi Only models) or iOS 9.3.6 (WiFi & Cellular models).
Apple ended update support for these models in September 2016. Your iPad cannot be updated to iOS 10 or later major versions of iOS, as the internal hardware does not meet the minimum technical requirements for new versions of iOS/iPadOS. This limitation cannot be bypassed; these are 32-bit architecture devices, whilst all recent versions of iOS/iPadOS are designed for 64-bit hardware platforms. iPad2, iPad3 and iPad mini1 are obsolete.
You may need to consider that compatible Apps for your iPad are increasingly difficult to find - as third-party developers are increasingly dropping support for 32-bit devices and versions of iOS preceding iOS11/12/13. As older versions of Apps are removed from the Apple App Store, you’ll not be able to (re)download or install them - which may severely limit the usefulness and utility of your iPad. As such, if you want or need to access most current Apps, requiring more recent versions of iOS, you’ll need to consider replacement of your iPad with a newer or current model.
Now we can consider security of the platform…
Be wary of the myth that Apple devices are immune to malware; those that perpetuate this untruth do not understand (or necessarily comprehend) the broader threat landscape. Whilst iOS is not susceptible to traditional malware infection per-se, as with all computer systems there are still vulnerabilities and exploits to which you remain vulnerable. With the device now beyond update support, the risk of a vulnerability being actively exploited increases. Consider that Apple invest heavily in producing security updates for good reason.
If the device is effectively “air gapped” from all network and internet connection, the risk of compromise is mitigated - but only while the device remains un-compromised and isolated from network connection. For most devices, this level of isolation is impractical - if only because you cannot download Apps or App updates. However, pragmatism and risk assessment can reduce risk where a device is restricted in both its capabilities and intended use.
If you limit use to self-contained Apps and Games - and disable all network connectivity - the risk of compromise is substantially reduced to almost zero. If this is a practical proposition for you, then you might consider continued use of a vulnerable device. Don’t underestimate the capabilities and curiosity of children; network connections can be easily restored.
The only way to keep a device protected from threat or compromise, insofar as risk can be practically mitigated, is to ensure that you are using a device that is “in support” and is kept updated to the most recent version of its Operating System.
I hope this information provides helpful clarity as to your risk exposure and available options - and the fundamental limitations of your current iPad.