Simon,
It would be very simple to capture the packets on the wifi network without connecting to it. From these - unencrypted - packets the MAC address(es) can be read off. Almost all network cards can have a "soft" MAC address entered to override the hard-coded address.
Given the above, it is therefore trivial for a 3rd party to access your wifi network and connect to it.
WEP (Wired Equivalent Privacy) is a very weak form of encryption (the key is static) and susceptible to brute-force cracking in a matter of minutes.
What you should implement is WPA (Wi-Fi Protected Access), which is a far stronger form of wireless encryption, as the key is dynamically updated.
Of course you can - and should - limit access to known MAC addresses on the basis that you can't have too much security!
You can also limit the IP address range in the DHCP scope on your wifi access point and create reservations for the MAC addresses above.
You could even configure the wifi network to be a smaller subnet than the default, and use a non-standard internal network address instead of the ubiquitous 192.168.0.0 - but you have to fully understand IP networking to do so!
SD