Sorry I didn't get back to you sooner, with the 2.4ghz band there are only 3 non overlapping channels, 1, 6 and 11. These are the only ones that should ever be used. I am a certified CWNA and CWSP, (check out www.cwnp.com) trust me I know. N and G only is fine, don't do channel bonding, 20mhz only is fine, wifi protected setup is fine to leave enabled, it's just there to make the security configs easier. Leave SPI enabled, it makes the router more secure, as it watches all "conversations" going in an out of the router looking for oddities. You want the firewall on, it gives you alot of protection for your network and based on the testing I have seen, causes no noticeable performance issues (check out www.smallnetbuilder.com and their review of the 655)
As for the visibility of your wireless network, there is no security benefit to having it invisible, trust me most free wireless scanning apps will see your ssid anyway. Same goes for MAC filtering, it'a alot of work for almost no value. As for DHCP, no reason not to use it, I just limit my IP pool range to the total amount of devices I have plus 5. Your other settings are fine, and yes please goto WPA2-AES, unless the xbox or PS3 can't support it, which I doubt. You will get more thoughtput and be more secure.
The settings I am giving you are the same security settings you'll see at 95% of enterprises on their wireless networks, difference being they use WPA2 with a radius backend.
Enjoy!