It's not Rails-specific that you need to protect your models with reasonable security logic. This particular flavor of "oops, not protected by default" is Rails-specific.
And Rails is highlighting the fact that "allowed by default" is convenient, while the post highlights the fact that "allowed by default" is insecure :-)
When I say "this particular flavor of", I use that to distinguish between Rails and other frameworks. The protected attribute tags that Rails uses are not common to other frameworks.
And Rails is highlighting the fact that "allowed by default" is convenient, while the post highlights the fact that "allowed by default" is insecure :-)