I thought this was a great examination of unintended consequences and a problematic (or unevolved) security model. I am sure it was useful to allow Excel to manipulate other Office programs, but in a networked world the surprise applications of this are dangerous.
I mean, being able to search for "password" in emails from Excel? What could go wrong?
As with other Office applications, if internet originated document contains VBA code, Excel opens it in read-only mode with disabled code execution and displays warning.
> I am sure it was useful to allow Excel to manipulate other Office programs
Your understanding is backwards. Other Office programs are not special, Excel can manipulate absolutely anything as VBA has a complete access to full Win32 API, that Outlook.Application is a COM object that can be accessed by any other Windows application including VBScript and PowerShell in about the same way.
Worth adding Excel’s default .xlsx format won’t even save macros.
And as Raymond Chen would say, if you have macro execution you’re already on the other side of the airlock. Being able to P/Invoke from VBA is really handy too!
I mean, being able to search for "password" in emails from Excel? What could go wrong?