The only reason anyone on a wired LAN would be in danger of having their traffic sniffed is if there is a hub somewhere in the setup (highly unlikely these days) or a man in the middle attack is set up. Switched networks only send packets to the devices that need them, thus the sniffer tool Firesheep sees nothing. Man in the middle would require a computer(or hacked router, etc) with 2 NICs set up to route transparently, and would only impact any computers downstream.

WPA at a minimum is needed to secure against Firesheep on WiFi. You seem to have that covered with plans to go to WPA2. Keep in mind though WPA personal is still vulnerable to other issues, and it's trivial to add support to some newer Firesheep release to work even on WPA/WPA2 personal setups. WPA enterprise is the next step needed to be a bit more secure.

If you secure the network hardware in the main switch room, and the uplink, the most someone could do is sniff their roommates traffic. At that point it's probably not your concern if it is happening.