Macros Security and Sharing Issues
The primary security issues concerning macros are:
Intellectual property protection
Virus avoidance and protection
Because macros distribute as source code and cannot be compiled, anyone can view your code. To protect your intellectual property, you can place your code into an Add-in, compile it, and then distribute only the compiled binary files. This prevents others from viewing your source code.
As for macros and viruses, Visual Studio macros are secure in that no macro code runs automatically when a macro project is opened. You must explicitly run the macro. In addition, you can inspect the code before running it to ensure that it is safe. When Visual Studio opens a macro project, it looks for any event handling code that can run automatically, and if it finds it, warns you that such code is present. If this happens, you can elect to disable the code so that you can open it safely.
Each Project node has its own individual security settings. You can specify on a project-by-project basis whether or not event code is disabled. The settings are:
Disable event handling code.
Enable event handling code. (Default)
This allows you, for example, to disable event handling code on only certain macro projects.
Macro Sharing Issues
There are two formats for saving macro files: binary or text. Saving macros in binary format (.Vsmacro) makes it easier to distribute multiple macro projects simultaneously since they are all contained in a single file. Saving macros as a text file makes the code more portable and makes easy to, for example, cut and paste a macro into an email message and share it with others.
If a binary macro project has references to components that are not distributed with Visual Studio, such as .dll files and type libraries, then you must include those components along with the .Vsmacros file when you distribute it.
If someone sends you a macro project, it is highly recommended that you set its Security property to "Disable event handling code" and then inspect the code before running it. Otherwise, you could unwittingly invoke a virus or other damaging code.