A big problem I've hit with the Yii-Bootstrap extension is that all AJAX requests are initializing Bootstrap because of preload. This is a huge waste of resources, especially when using AJAX-based file uploaders that split the file into chunks. Large file uploads using that method could be initializing bootstrap hundreds of times.
First param in CActiveDataProvider could be a string with model name or instance of class. So, you may use CActiveRecord::cache() for cache, but you need set third param to 2, because you should cache 2 queries: counting and get data.
This article is called extended guide is because there is already a security guide in the Yii tutorial security section. but that guide is not complete in the sense that it does not rise the developers' attention to some other commonly happening attacks: SQL injection and magic URL, which can be major vulnerabilities in your application without much caring.