It is surprisingly hard to find this information on Red Hat's website; you'd think the support periods for the various Enterprise Linux would be somewhere on the product pages for each EL release, but they're actually hiding off in the Security Updates section.
The short answer is that security updates are done for seven years after the initial release. RHEL 4 was released Febuary 15th 2005, so security updates will be available through the end of February 2012.
This means that CentOS will also have updates for that long, since they build from Red Hat EL's source RPMs. Even if the CentOS project goes away as an organized entity, a CentOS install can just grab the RHEL update source RPMs and rebuild them directly.