Most consumer wireless APs/routers have WPS (Wi-Fi protected setup) enabled, with no way of turning it off. The WPS mechanism has a weakness that makes wpa2-psk protection utterly useless. Google for "reaver wps", proceed to download, and crack all networks in your area within 24h, even the ones with 30+ char passphrases. The entire "security" of wpa2-psk is bypassed.
One solution is to run an open network, with IPsec combined with an authenticating gateway.
Somebody ought to cross ball point pens with coat hangers so that the pens will multiply instead of disappear.