The key idea here is the exclamation mark used in $decode, which prevents the latter from being evaluated (acting like $eval(...,0)). Try this in any mirc window:

//tokenize 32 $eval(#$bits,0) | echo 2 -a $1 | echo 3 -a $!decode( $encode($1,m) ,m) | .timer -d 1 0 echo 4 -a $1 | .timer -d 1 0 echo 5 -a $!decode( $encode($1,m) ,m)

(spacing is important here). You get

$decode( IyRiaXRz ,m)

$1's value is the blue line. The red line is what you get by inadvertently passing $1 to /timer: the $bits identifier is evaluated. The brown line is what you get using the decode/encode method: the original, unevaluated contents of $1. $safe($1) returns a string like the one in the green line, so when /timer fires, it evaluates that, and not the original string.

/.timerQ 1 0 echo /.timerQ 1 0 $timer(Q).com