The safety aspect has not yet been addressed. VBA can read, manipulate and delete many things, including external files and the entire file system. It has everything that a nasty virus needs and therefore poses a potential risk. Therefore, you need trust in the developer and later users that no harmful things will be executed.
If you don't have that trust, including certifications and trusted locations, you'll want to stop VBA from running altogether. A way out there would be to use macros, because they only affect your own application. But this is only a poor way out, because an Access application that is only allowed to use macros is quite simple and uncomfortable. Great demands could not be implemented in this way, something like this will not prevail in practice.
But if you are allowed to use VBA, there are very few reasons to think about macros at all. What macros can do is provided via the DoCmd object and its methods. In principle, these are the options that can be called up via the menu/ribbon. There you have the big disadvantage that invoked actions take place where Access thinks it is active. Therefore, you often have to focus on the desired object first.
In VBA, on the other hand, you have elements of object-oriented programming, so you can address an object by its name even if it is not immediately active.