This paper investigates the secrecy capacity region of multiple access wiretap (MAC-WT) channels where, besides confidential messages, the users have also open messages to transmit. All these messages are intended for the legitimate receiver (or Bob for brevity) but only the confidential messages need to be protected from the eavesdropper (Eve). We first consider a discrete memoryless (DM) MAC-WT channel where both Bob and Eve jointly decode their interested messages. By using random coding, we find an achievable rate region, within which perfect secrecy can be realized, i.e., all users can communicate with Bob with arbitrarily small probability of error, while the confidential information leaked to Eve tends to zero. Due to the high implementation complexity of joint decoding, we also consider the DM MAC-WT channel where Bob simply decodes messages independently while Eve still applies joint decoding. We then extend the results in the DM case to a Gaussian vector (GV) MAC-WT channel. Based on the information theoretic results, we further maximize the sum secrecy rate of the GV MAC-WT system by designing precoders for all users. Since the problems are non-convex, we provide iterative algorithms to obtain suboptimal solutions. Simulation results show that compared with existing schemes, secure communication can be greatly enhanced by the proposed algorithms, and in contrast to the works which only focus on the network secrecy performance, the system spectrum efficiency can be effectively improved since open messages can be simultaneously transmitted.