You are right in identifying this as a possible problem (and posably a practical attack vector).
If you are particularly paranoid, then you could setup a VPN through which all your wireless connections run. This could be run on either the router/AP directly (some Linux based routers run OpenVON like a charm) or another machine on your network. That way if your wireless machines end up connecting to a different network they will either get through to your network securely (bit probably much more slowly) as the VPN will protect the traffic or (if the VPN isn't publically connecable) they won't get through but you will at least know there is a problem and still no information (beyond "this guy is trying to connect to a VPN") will be exposed. For extra securitry set your network routing such that machine can only see the network over wireless through the VPN (so if someone else hits your network accidentally or otherwise they won't get beyond the firefall without a valid set of VPN authenticaion credentials) and that any services on the wireless machines are only available on the VPN (so they can't be probed if you accidentally join an alien network).
With all of the above in place you could actally turn the wireless security off and just rely on the VPN, firewall and routing rules to protect you. Though there is little harm having the second level of protection.
The only major hole left here is that an attacker could setup a VPN end point on their network that mimicked yours, but this would require insider knowledge or other access to your network (i.e. they would need to have access to your server's private keys or your certificate/key signing keys) by which point they don't need to mimic the VPN anyway.
Caveat: I've not yet been paranoid enough about the traffic that is sent over my home wireless network or others I have any responsability for (the few things we are that paranoid about, such as client data or authentication to access the same, simply don't go anywhere near a wireless connection without being wrapped in a VPN tunnel or other encryption), so I have not yet got around to setting this up myself. It is on my "when I have time to play" list though!