XTC46,
You're right about WPA. If implemented correctly (basic rule, use a complex passphrase) it is very hard to break. WPA requires someone to capture an enormous amount of packets in crack it.

About IPSec, some security is better than none. We use certificate authentication with RSA two-factor authentication as well as 3DES on our VPNs.