It's pretty easy to crack MAC access control. My D-Link wireless card came with a utility to SET the MAC address. You just need to sniff some successful traffic, find a good MAC address, then steal theirs. There are a few wrinkles, such as you can't both be using the same MAC address at the same time, etc.
There are tools that make it easy (but time-consuming) to crack WEP. As stated above, WEP is pretty good security if you change the key. But if you have more than 2 or 3 users, you really can't change the key very often.

The better solution is 802.1x authentication, coupled with WEP. Here's a decent presentation about the subject: http://www.shmoo.com/1x/html/802.1x_files/frame.htm