Turning of the SSID alone will not necessarily prevent a network from being connected. It is meant to deter network scans but it is clearly evident that this is flawed because Windows XP can detect networks with their SSID disabled. As can WEP and even MAC addresses.
WEP can be cracked within minutes... the US Government even proved this. Online cracking tools are available for WEP. Basically a software needs to do is to analyze the packets being sent and it can crack the code. I believe finding out machine MAC addresses uses this same method (a simple registry modification can change a MAC Address on a computer)
Both WPA and WPA2 offer a good amount of protection. It doesn't matter which one you use, except WPA2 needs more recent hardware in order to use it.
Of course, if you use in combination WEP, SSID disabling, and MAC addresses, they can significantly increase security.
