If his MAC number isn't in the router's list, he won't connect to the system so he won't see my packets so he won't know what MAC address to cheat with...
Doesn't work like that Keef. MAC addresses are in plaintext in all broadcast packets, even with WEP enabled. An attacker just needs to listen and capture one packet to determine a valid MAC address, and almost all wireless card firmware allows MAC-address spoofing, so once they have a valid MAC address it's trivial to access your network.
It's potentially a big deal, because while you may be firewalled against the outside world, most home LANs trust the computers on the network, so if someone connects via the WAP any files etc. you share are wide open. Of course, as I keep saying, making things difficult is in all likelyhood all you need to do and a MAC address ACL does that, but it's important to understand exactly what your security does and doesn't do - and most people think that MAC ACLs are much more secure than they really are.
With WEP, even 64-bit, then it's a whole different story, because that is effectively uncrackable for all but the most determined. But if you're using WEP there's no point in an ACL anyway.