MAC address access limitation is okay for preventing against "the casual 'hacker'"... but nothing more than that, indeed. Unfortunately our access point is unstable enough as it is, and it's almost unusable when I enable WEP (which obviously also is rather useless), so we run an "open" accesspoint with only MAC address limitation here :/
I'm going to look into getting a new AP with WPA when the next paycheck arrives... just seems a bit silly for *me* to purchase it when it's the *girlfriend* that has a laptop. But of course she'd never shell out for hardware, and I hate having a 20m UTP cable all over the floor, so...