WEP-64 and WEP-128 provide minimal security. As the key doesn’t rotate, it is a relatively weak level of security (WEP-128 is obviously better)
WPA uses an exchanged passphrase to then rotates the key using one of two encryption algorithims: TKIP or AES. AES is the more secure of the two with twice the key length and other improvments.
WPA2 improves upon WPA, and brought with it the AES encryption protocol.
Generally, the best practice is to use the highest security level that all of your devices support.
In terms of turning off SSID broadcast, it provides a slight additional level of security. However, it can be sniffed anyway, so it only keeps out casual attacks and also causes issues with many broadcom wireless cards.