Not a bug really, $decode can be abused to do all sorts of things and decode into commands. In your example, it probably intended to read perform.ini because a lot of people have their passwords stored in perform.ini to identify on connect and perhaps other confidential stuff too.
The person who made it was a bit stupid though (shock horror), it was probably intended for a specific network where that channel was -n and therefore DID accept channel messages from outside the channel.
It is NOT a good idea to write what others tell you to type, particularly if it has $decode in it, you can bet your bottom dollar it's bad - incase you're wondering, it does have its uses and is not always abused, hence why it's kept in mIRC.
It's important to stay safe on IRC, your nickname/username password is not the only thing that can be lost by careless mistakes, you could end up infecting your computer and lose all kinds of information/documents. You might want to look at this document
if you're not 'IRC savvy'.