An attacker creates a VBA macro via MS Office with malicious code. He compiles the macro via Office. Office saves the precompiled code in the VBA project.
In the second step, the macro code can be manipulated so that the plain text of the macro appears harmless. This must happen without MS-Office, so that the precompiled code is preserved.
If the document manipulated in this way is opened and the code is executed, then only the precompiled malicious code is executed and not the code in plain text!
In the default settings of Office, the user is asked whether he wants to activate the macro, but even if he opens the VBA editor and reads through the code, he cannot see the precompiled code!