Without arguing the semantics, yes the statement is true.

There are multiple standards for WIFI encryption including WEP, WPA and WPA2. WEP is compromised, so if you are using it, even with a strong password it can be trivially broken. I believe that WPA is a lot harder to crack though (but you may have security issues relating to WPS which bypass this), and as of October 2017, WPA2 also offers questionable security. Also, even reasonably hard passwords can be brute-forced - Moxie Marlinspike - a well known hacker offers a service to do this by for US$17 using cloud computing - although its not guaranteed.

A strong router password will do nothing to prevent someone on the WIFI side transmitting data through the router, so that is irrelevant.

A hidden network is a myth - while there are boxes to make a network not appear in a list of sites, the clients beacon the WIFI router thus its presense is trivially detected.

MAC filtering is a joke as many (most/all?) WIFI devices can be programmed/reprogrammed to clone an existing MAC address and bypass MAC filtering.

Network security is a big subject, and not something amenable to a Superuser question, but the basics are that security is built up in layers so that even if some are compromised not all are - also, any system can be penetrated given enough time, resources and knowledge, so security is actually not so much a question of "can it be hacked", but "how long will it take" to hack. WPA and a secure password protect against "Joe Average".

If you want to enhance the protection of your WIFI network you can view it as a transport layer only, and encrypt and filter everything going across that layer. This is overkill for the vast majority of people, but one way you could do this would be to set the router to only allow access to a given VPN server under your control, and require each client to authenticate across the WIFI connection across the VPN - thus even if the WIFI is compromised there are other [harder] layers to defeat. A subset of this behaviour is not uncommon in large corporate environments.

A simpler alternative to better securing a home network is to ditch WIFI altogether and require only cabled solutions. If you have things like cellphones or tablets this may not be practical though. In this case you can mitigate the risks (certainly not eliminate them) by reducing the signal strength of your router. You can also shield your home so that frequency leaks less - I've not done it, but strong rumour (researched) has it that even aluminum mesh (like fly screen) across the outside of your house, with good grounding can make a huge difference to the amount of signal that will escape. [ But, of-course, bye-bye cellphone coverage ]

On the protection front, another alternative may be to get your router (if it's capable of doing it, most aren't, but I'd imagine routers running openwrt and possibly tomato/dd-wrt can) to log all packets traversing your network and keeping an eye on it - Hell, even just monitoring for anomalies with total bytes in and out of various interfaces could give you a good degree of protection.

At the end of the day, maybe the question to ask is "What do I need to do to make it not worth a casual hackers time to penetrate my network" or "What is the real cost of having my network compromised", and going from there. There is no quick and easy answer.

Update - Oct 2017

Most clients using WPA2 - unless patched - can have their traffic exposed in plaintext using "Key Reinstallation Attacks - KRACK" - which is a weakness in the WPA2 standard. Notably, this does not give access to the network, or the PSK, only to the traffic of the targeted device.

As others have said, SSID hiding is trivial to break. In fact, your network will show up by default in the Windows 8 network list even if it's not broadcasting its SSID. The network still broadcasts its presence via beacon frames either way; it just doesn't include the SSID in the beacon frame if that option is ticked. The SSID is trivial to obtain from existing network traffic.

MAC filtering is not terribly helpful, either. It might briefly slow down the script kiddie that downloaded a WEP crack, but it's definitely not going to stop anyone that knows what they're doing, since they can just spoof a legitimate MAC address.

As far as WEP is concerned, it is completely broken. The strength of your password doesn't matter much here. If you're using WEP, anyone can download software that will break into your network pretty quickly, even if you have a strong passkey.

WPA is significantly more secure than WEP, but is still considered to be broken. If your hardware supports WPA but not WPA2, it's better than nothing, but a determined user can probably crack it with the right tools.

WPS (wireless protected setup) is the bane of network security. Disable it regardless of what network encryption technology you're using.

WPA2 - in particular the version of it that uses AES - is quite secure. If you have a decent password, your friend is not going to get into your WPA2 secured network without getting the password. Now, if NSA is trying to get into your network, that's another matter. Then you should just turn off your wireless entirely. And probably your internet connection and all of your computers, too. Given enough time and resources, WPA2 (and anything else) can be hacked, but it's likely going to require a lot more time and a lot more capabilities than your average hobbyist is going to have at their disposal.

As David said, the real question is not 'Can this be hacked?' but, rather, "How long will it take someone with a particular set of capabilities to hack it?" Obviously, the answer to that question varies greatly with respect to what that particular set of capabilities is. He's also absolutely correct that security should be done in layers. Stuff you care about shouldn't be going over your network without being encrypted first. So, if someone does break into your wireless, they shouldn't then be able to get into anything meaningful aside from maybe using your internet connection. Any communication that needs to be secure should still use a strong encryption algorithm (like AES,) possibly set up via TLS or some such PKI scheme. Make sure your e-mail and any other sensitive web traffic is encrypted and that you aren't running any services (like file or printer sharing) on your computers without the proper authentication system in place.

Update Oct 17, 2017 - This answer reflects the situation prior to the recent discovery of a major new vulnerability that affects both WPA and WPA2. The Key Reinstallation AttaCK (KRACK) takes advantage of a vulnerability in the handshaking protocol for Wi-Fi. Without going into the messy cryptography details (which you can read about at the linked website,) all Wi-Fi networks should be considered broken until they are patched, regardless of which particular encryption algorithm they're using.

Related InfoSec.SE questions regarding KRACK:
Consequences of the WPA2 KRACK attack
How can I protect myself from KRACK when I can't afford a VPN?

Since other answers on this thread are good, I think that, for those requesting a concrete answer (well... this is SuperUser, it is not?), the question could easily be translated as: "What should I know to make my WiFi network secure?".
Without negating (nor confirming) any of the other answers, this is my short answer:

The words of the cryptologist Bruce Schenier could be worthwhile advice for many users to remember:

The only real solution is to unplug the power cord.

This can often be applied to wireless networks: do we constantly need it working?
Many routers have a WiFi button to enable/disable wireless, like the D-Link DSL-2640B .
If not, you can always automate web enabling/disabling of wireless by using tools like iMacros (available as an extension for Firefox or as a standalone program) on Windows and many others on Linux.

And here are two tricks for WPA (please, forget WEP) password (a good WPA password will make attacks very difficult) creation (do not keep the default password) :

1. Use nonexistent and/or foreign words: SilbeasterStallonarius, Armorgeddon, HomecitusSapiensante (as no simple dictionary can be used to find them).
2. Create your own easy-to-remember (for you at least) sentence and define your password by taking the first character of each word. The results will be a hard-to-crack (8 characters minimum) yet easy to remember password that includes uppercase and lowercase letters, numbers and some other non-alphabetic characters:
   "You have two sons and 3 cats, and you love them." --> "Yh2sa3c,aylt."

And, for the sake of God: disable WPS right now! It is totally flawed.

Over in the Cisco Learning Network forum, a thread-starter asked:

Can WPA/TKIP be cracked? Either someone in my guesthouse used up 80 gigs of data or someone close by cracked the password and used it. I suspect someone in the guest house because i find it hard to believe WPA/TKIP can be cracked and even if it can be cracked it would not be easy to do. How difficult if at all is it to crack WPA/TKIP? I want to change the password for them anyway, can i use - and _ and? characters?

An obviously very smart fellow named "Zach" made this posting which the thread-starter, here (and others, here, too, if they're interested), should read.

In particular, read from about two-thirds of the way down his posting, where he begins with the words "The solutions:".

I'm using my gateway's "WPA-PSK (TKIP)/WPA2-PSK (AES)" setting. In keeping with this of Zach's posting...

Change the name of your router to something unique. Your ESSID is used by your wlan supplicant as a cryptographic salt over the PMK. Changing this will eliminate pre-computation attacks.

...I've long used my own unique ESSID. Additionally, in keeping with his...

Make a unique password incorpating unique characters, numbers, capitals. multiple words, and lowercase letters. This is more important than length. Increasing the length of the password will only increase the passwords strength but it doesn't need to be obscenely long. Strength lies in variance of potential. This will eliminate dictionary attacks and make brute-force impossible without a super-computer.

...mine is 25 characters which consist of letters, numbers, upper-and-lowercase, and special characters. No part of it spells anything.

I do several other things both which Zach does and doesn't enumerate there; but in addition to the above, and said other things, and in at least the spirit of what he wrote here...

Enable detailed logging and if possible forward that to your email.

...I long ago wrote a bit of scripting code that auto-launches with Windows startup, and just runs in the system tray; which code periodically, throughout the day, hard-refreshes and then parses the webpage in my gateway which lists all connected devices; and it then tells me both as a pop-up-with-triple-beep-through-the-motherboard-speaker (not the regular audio speakers, just in case they're muted or something) on my desktop-replacement-laptop computer's screen, and also via text to my phone (which is either in a pouch on my belt, or at least never more than five feet from me, 24/7/365), if anything new has shown-up.

For those without that skill, there are several "who's on my WI-FI" type apps out there, some of them free. A good and simple one is [this badboy][3]. Just auto-start it with Windows, let it sit in the system tray, and tell it to "beep on new device" and you'll have something similar to what my script does (except that it won't SMS you). However, using [a simple scripting tool][5] you can cause an SMS or email to be sent to your phone when a new device on the LAN makes the app beep.

Hope that helps.

Doubtful.

I disagree with davidgo's answer. While it is well researched and I agree with most of his information, I think it is a little pessimistic.

There are vulnerabilities in WPA2 covered already in the other answers. However none of these are unavoidable.

In particular, it should be noted that the brute force attack mentioned by davidgo is an attack on a weakness in MS-CHAPv2. See the cited author's reference [ https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/ ]. If Ms-CHAP is not used, this weakness cannot be exploited. (deleted based on comment from author - wrong reference)

With the right pass phrase, SSID and avoiding compromised technology, I see no reason why a WPA2 secured network using AES256 would not be secure at the moment. Brute force attacks on such networks are not feasible, and even Moxy Marlinspike suggests this.

However, where I agree with davidgo's response is that most users don't make these efforts. I know that my own home network can be exploited, and even though I know how to fix it, it just isn't worth my time and effort.