Any obfuscated code can be deobfuscated back in a finite time, and if you really don’t want someone to find out what you ran on their host, this thing can help. The idea is that the code is encrypted with a symmetric cipher, and the key is passed with http cookies when accessing the script. Cookies are usually not in log files, so when the script is discovered, the finder will not be able to find out what code was executed.

However, there is also a white-hat usage, for example, in attack-defense CTFs.