MAC filtering isn't a wise choice if your goal is to make your wireless network secure, since MAC address are easily spoofed, at least on Linux-based OS.
If you say that you had set up a non-trivial password (which would make a dictionary/brute force attack unpractical), and that your room mate had no physical access to your router, then I guess your router is either not authenticating you securely (i.e. sending password in cleartext, which could then be intercepted) or there's some kind of security hole in your router administration software that he is aware of.
Anyway. I don't know who should have access to your wireless network, but that shouldn't stop you from making it secure, i.e. using something like WPA2-PSK AES. Of course, if there's a security hole in your router administration software that you can't fix, people for who you gave access to your wireless network will always be able to modifiy your router settings, but then...
__________________
E8400 (C0) @ 3.75 GHz -- HDT-S1283
|