WPA can be cracked, but only if the network uses the TKIP algorithm. WPA-AES, as well as any flavor of WPA2, are still bulletproof.
WEP… you may as put the key on a billboard in front of your house. As long as there'* sufficient traffic, WEP can be cracked in 20-120 seconds.
MAC filtering keeps out the casual snoopers. However, MAC filters run on Layer 2, while anyone on the network is on Layer 1. Thus, all one has to do is drop to promiscuous mode, capture some packets, and spoof a whitelisted MAC address. For the average user, it'* plenty secure. However, it'* a pain if your friends come over. As much of a nerd as I am, I'd rather be opening a beer than messing with router configurations.
ymmot04 gave a good description of IPv4 subnet masks, so that solves your addressing issues.
As far as your wired topology goes, get rid of as many routers as you can; in your setup, it adds unneeded complexity with no payoff. If you can't/won't go wireless, run some cables. (Or, run them through the walls and put Ethernet jacks next to all of your outlets, if you're feeling adventurous.)
EDIT: You can only raise your transmit power to about 80-90 mW. Any higher on the stock antennas, and you just introduce noise into the spectrum. Only go higher if you have high-gain antennas
and preferably, some sort of extra cooling
. (Mine runs at 75 mW, stock cooling, without issue.)
$0.02 from a freelance network engineer. See? I do more than break, fix, and further break my Bonnie.