Excel 'Security' overview
The following features of Excel may help in removing or mitigating some of the threats including those above.
Workbook Open protection (from Tools in the File Save As dialog)
This has become stronger in recent versions of Excel. A workbook protected with a file open password is an encrypted file. If you don't know the password you can't open it (without specialist software and or lots of time and effort).
Workbook modify password (from Tools in the File Save As dialog)
This allows people to view the contents of a workbook, but they cannot save back to the same file name. This can be very useful to reduce inadvertent edits, and improve change control.
Workbook Structure protection (From Tools >> Protection >> Protect Workbook
Allows people to view the workbook, but not change the visibility of sheets or the order. Should be used if worksheet protection is used. Codematic offer an Excel Add-in that will rapidly recover lost workbook structure passwords, see here for details.
Worksheet protection (From Tools >> Protection >> Protect Worksheet
Various options, users can usually view most of the worksheet, but only make defined changes in specific cells. Easy to bypass (very easy if workbook structure protection is not used), patronising and breaks much useful functionality (like the auditing toolbar). Personal view: negatives outweigh the positives - do not use. Codematic offer an Excel Add-in that will rapidly recover lost worksheet passwords, or remove them altogether see here for details.
VBA / Macro Security (from Tools >> Macros >> Security)
Controls how VBA code and XLM Macros are executed, it is essential this is not set to low for convenience. Medium is the minimum for any responsible organisation.
VBA Protection (from Tools >> VBAProject Properties in the VBA editor)
Prevents people from viewing and changing VBA code. Easy to bypass.
Careful design (from the developers skill and experience)
The value of good design for usability and for safety should not be underestimated.
Access to the VBA IDE and other Office features can be denied using Office system policies. This might stop meddlers, and may cause confusion and reduce skill development. Better training and maybe hiring, may be the best approach of all.