It sounds like your most secure method would be the strongest possible WEP password protection (i.e., random letters and numbers), combined with Access Control to limit connections to specific MAC addresses.
The WEP encryption, MAC address filtering, and SSID being off will certainly make it harder to access your network, but ultimately if someone does want to crack your network it would not be that hard.

1. SSID being off. Won't help you at all, and in fact adds overhead to your wireless setup (it's trivial but it is there). It forces the nodes to use probe request frames to find the access point or controlling node. The SSID is sent in the clear in these responses. It's not hard at all to get the SSID, and it makes your life harder, so why bother?

2. WEP. The problem with WEP is that it uses one key for the entire time two devices are connected. This could be days, weeks, or months. By collecting enough data it is possible to crack the WEP key, and decrypt your network stream.

3. MAC address filtering. If you're only using WEP and someone cracks that, then they have your MAC address as well. Many devices allow you to "clone" a MAC address, which gets you around the filtering.

Now the upside. The main benefit of WPA is that it uses keys that expire. So even if you break one of the encryption keys, the network will be using another one by the time you do. I think the default expiration time on AirPort using WPA is 60 minutes. The big security hole of WPA Personal is what you choose as a passphrase. Guessing your password is the only known (that I know of) way to circumvent WPA encryption.

If you are worried about security: people cracking your computer systems and looking for information, getting passwords sent in the clear, or watching what you do on the internet, your only really reliable bet is WPA. If you are confident that your systems are up to snuff, and you don't mind people watching where you go on the net, then open or WEP is an option.
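
An added example, not part of the original post: a passphrase check for the point above that WPA Personal is only as strong as the passphrase. WPA/WPA2-Personal derives its 256-bit key from the passphrase with PBKDF2-HMAC-SHA1, using the SSID as salt and 4096 iterations, so everything rests on how guessable the passphrase is. The function names, the `COMMON` word list, and the 80-bit `MIN_BITS` threshold are assumptions made for this sketch.

```python
import hashlib
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits
# Constructed sample list; a real check would load a large wordlist.
COMMON = {"password", "letmein", "qwerty", "internet", "wireless"}
MIN_BITS = 80  # assumed policy threshold, not taken from the post


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Pre-shared key as WPA/WPA2-Personal computes it: the SSID is the salt."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def random_passphrase(length: int = 24) -> str:
    """Passphrase drawn from a CSPRNG, within the 8-63 character limit."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases are 8-63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def upper_bound_bits(passphrase: str) -> float:
    """Best-case entropy: only valid if every character was chosen at random."""
    size = 0
    for cls in (string.ascii_lowercase, string.ascii_uppercase, string.digits):
        if any(c in cls for c in passphrase):
            size += len(cls)
    if any(c in string.punctuation + " " for c in passphrase):
        size += 33  # 32 punctuation characters plus space
    return len(passphrase) * math.log2(size)


def audit(passphrase: str, ssid: str) -> list:
    """Return reasons a passphrase is easy to guess; empty list means none found."""
    if not 8 <= len(passphrase) <= 63:
        return ["length outside 8-63 characters"]
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        return ["contains characters outside printable ASCII"]
    findings = []
    lowered = passphrase.lower()
    if lowered.rstrip(string.digits) in COMMON:
        findings.append("common word with optional trailing digits")
    if ssid.lower() in lowered:
        findings.append("contains the network name")
    if upper_bound_bits(passphrase) < MIN_BITS:
        findings.append("below %d bits even in the best case" % MIN_BITS)
    return findings
```

Because the SSID salts the derivation, the same passphrase yields a different key on a differently named network, but that does nothing for a passphrase that appears in a wordlist.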

