"Dave Peterson" wrote in message
...
I'm not Chip, but until he returns...

Excel Addins (*.xla's) are not secure at all--and without a password, even
the
most mildly curious will be able to see/modify your code.

Addins with passwords are only slightly better. The passwords will stop
the
honest--but not the determined. And there are password breakers all over
the
internet. With enough money (about 50 USD, IIRC), anyone can see and
modify

Not talking about this particular case, but I frequently hear the 'you can
buy a password cracker so the password is useless' statement. I bought one
yesterday and ran it against the file open password on an Excel file. I'd
used a deliberately obscure, completely non alphanumeric long password. It
went through the dictionary attack (and failed, obviously) in 5 seconds. It
then started on the brute force attack (well, a sort of refined brute
force). I turned it off after a few hours when it was still running
bXXXXXXX. As a matter of fact when I tried to set it up to so that it would
(eventually) get my password it complained that it would take too long, and
shortened the length of the passwords it would try, basically guaranteeing
it wouldn't ever get mine. It estimated 45,000 days!

I think it's a myth. Sure, if somebody uses their first name+last name as a
password, that's easy to crack. I've 'cracked' that often enough when I've
needed to log on as a user and I know their name. But I really don't think
that passwords are as useless as everybody says. If you know how to make a
very strong password then you can do a lot.

Mike