Stored procedures are precompiled collections of SQL statements that are stored under a name and processed as a unit within a database, optimizing performance by reducing the need for repetitive query parsing and execution planning. They enhance security by encapsulating data access logic, allowing controlled access to data and reducing the risk of SQL injection attacks.
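The following T-SQL is an added example, not code from the original page. It shows the procedure as the only granted entry point to a table, and shows that the injection benefit holds only when parameters are bound as data rather than concatenated into dynamic SQL. SQL Server is assumed, and the table, procedure and role names are hypothetical.

```sql
-- Added example (T-SQL, SQL Server assumed). All object names are hypothetical.
CREATE TABLE dbo.Customers (
    CustomerId INT IDENTITY PRIMARY KEY,
    Email      NVARCHAR(256) NOT NULL,
    FullName   NVARCHAR(200) NOT NULL
);
GO

-- Weak form: @Email is concatenated into a string and executed, so its content
-- is parsed as SQL text. Wrapping the query in a procedure does not change that.
CREATE PROCEDURE dbo.FindCustomer_Dynamic @Email NVARCHAR(256)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT CustomerId, FullName FROM dbo.Customers WHERE Email = N''' + @Email + N'''';
    EXEC (@sql);
END;
GO

-- Hardened form: a static statement; @Email is only ever bound as a value.
CREATE PROCEDURE dbo.FindCustomer @Email NVARCHAR(256)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT CustomerId, FullName
    FROM dbo.Customers
    WHERE Email = @Email;
END;
GO

-- Where dynamic SQL is unavoidable, bind the value through sp_executesql.
CREATE PROCEDURE dbo.FindCustomer_BoundDynamic @Email NVARCHAR(256)
AS
BEGIN
    SET NOCOUNT ON;
    EXEC sys.sp_executesql
        N'SELECT CustomerId, FullName FROM dbo.Customers WHERE Email = @e',
        N'@e NVARCHAR(256)',
        @e = @Email;
END;
GO

-- Controlled access: the role may run the static procedure but cannot query the
-- table directly (ownership chaining lets the procedure read a same-owner table).
CREATE ROLE app_reader;
GRANT EXECUTE ON OBJECT::dbo.FindCustomer TO app_reader;
DENY SELECT, INSERT, UPDATE, DELETE ON OBJECT::dbo.Customers TO app_reader;
GO
```

Dynamic SQL runs outside the ownership chain, so the two dynamic variants would need the caller to hold permissions on the table itself, which is a second reason to prefer the static form.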