And to add to the topic rather than subtracting from it. Having read the posts and dealt with networking for as long as I have. WPA is safe and secure for now, disabling SSID broadcast and putting on a mac filter is a good start to making it more "infeasable" which is the word used for a long password used on WPA ..... you'll notice computer d00ds never use "impossible" anymore.
But I liked the idea of using all measures possible. But as brought up you should not let this put you into the mindset that "I am invincible" like Boris from goldeneye. Essentially what Im saying is that WEP was never broken, its peoples over-confidence in their own protection.
I am 99.9999999% sure that no one in my area has the means or the knowledge to crack the setup I have (and yes WPA is in my list of WiFi MUSTS) However I am constantly vigilant, I monitor my activity lights and if things smell phishy I run a packet sniff over night. As well as checking my router status for attached devices (among other things I do to look for people on my network)
But as for the practical points brought up, everything so far is nice, however I would like to suggest adding what I call "Non-Predictable IP Addressing" in which you do NOT use 192.168. {1, 2, 3, 10, 11, 100, 0} . xxx for your network, use something that is harder to guess, and turn off DHCP, think of DHCP as a gossiping wife telling the villagers where exactly her husband goes to catch the best fish
As for WAN protection you should also check other things like router responding to pings (and even tho your firewall is up the response to a ping can be considered gossip)
But finally (and you'll all be glad I said finally) as I mentioned in my last post, Wired Equivelant Protection, is the key element here (not the encryption method but the words themselves) before if someone wanted to steal your internet they would have to do something like plugging into your hub/router without your knowledge. So the essence is vigilance, if I have prolongued activity on my WiFi light then I know to check my lappy and wii and if they arent on something could be amiss.