My thoughts exactly. The OP mention MAC address spoofing, but that doesn't sound like what is happening. OP said that he saw a MAC he didn't recognise, hence he knew somebody else was breaking in. MAC address filtering WOULD work in this case, as you describe, because then you would have to spoof the MAC from the pool allowed addresses.
Also, I don't agree that using MAC address filtering, or hiding your SSID are pointless. Yes, they can be bypassed with just a little knowledge, but they are basic preventative measures that keep the idle, less technical people out who are just looking for an easy WAP to jump on. It helps keep the opportunists away.