MAC restriction doesn’t really add anything security-wise either. A network sniffer can easily see the MAC addresses of devices connected to a network, and MAC addresses are very easily spoofed.
Really, the only sure way of protecting your access point against intrusion is WPA2 with a (very) strong password. Given that you don’t have to enter this often, it should be as long and complex as possible, certainly over 15 characters of mixed lower/uppercase, numbers, symbols, etc.
If you are really paranoid, you could set up WPA-Enterprise (WPA-802.1X mode) which will prevent dictionary attacks against the key passphrase.