-WPA PSK (how long is the phrase you used? Ideally 20+ chars and not dictionary-friendly. Using WPA2, if its available? )
-MAC address filtering (fairly trivial to bypass for any non-casual hacker - basic sniffer and MAC-spoof capable card needed)
-default router password changed (great, its amazing how often they do this and yet WEP is the old horse that gets beaten to death by the news rags)
-obscure model of router ( sure why not )
-(hidden SSID) (utterly trivial to bypass/learn with a sniffer because legitimate clients must specify the SSID in plaintext in probes and associates; it is only useful to hide this to prevent it from being identified in the Windows Wireless Networks list where the slobbering masses can see it and try to connect)
Forgot: Change the default SSID!!! The SSID can often tell hackers clues about the router brand, the ISP, and even the serial number. Changing it does more for anonymizing you than hiding it. Assuming you're not making it into your full name or SSN.
Bottom line, WPA-PSK (esp WPA2) with a good key is about as robust as you can get for home use. If they are as capable and determined to crack that, none of the other Mickey Mouse security is comparable. As people have pointed out, they don't ship WPA default because of backward compatibility issues with all the old WEP crapola.