This article is called the extended guide because the Yii tutorial already has a security section. That guide, however, is incomplete: it does not draw developers' attention to other commonly occurring attacks, SQL injection and magic URLs, which can become major vulnerabilities in your application if they are not handled with care.
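As an added illustration of the SQL injection point above (this is not code from the original article), here is a Yii 1.x controller with a vulnerable action beside its hardened form. The controller name, the `post` table and the action names are assumptions made for the example.

```php
<?php
// Added example, not from the original article. Assumes a Yii 1.x
// application with a `post` table; controller and action names are invented.

class PostController extends CController
{
    // Vulnerable: the raw GET value is spliced into the SQL text.
    // A request such as /post/showUnsafe?id=1%20OR%201%3D1 returns every row,
    // and a UNION in the parameter can read from other tables.
    public function actionShowUnsafe()
    {
        $sql = "SELECT * FROM post WHERE id = " . $_GET['id'];
        $row = Yii::app()->db->createCommand($sql)->queryRow();
        $this->render('show', array('post' => $row));
    }

    // Hardened: the value is validated and coerced before use, then travels
    // to the database as a bound parameter rather than as part of the SQL
    // text. The is_scalar() check rejects ?id[]=1, which PHP would otherwise
    // stringify as "Array" inside a concatenated query.
    public function actionShow()
    {
        $id = isset($_GET['id']) && is_scalar($_GET['id']) ? (int) $_GET['id'] : 0;
        if ($id <= 0) {
            throw new CHttpException(400, 'Invalid request.');
        }
        $row = Yii::app()->db
            ->createCommand('SELECT * FROM post WHERE id = :id')
            ->bindValue(':id', $id, PDO::PARAM_INT)
            ->queryRow();
        if ($row === false) {
            throw new CHttpException(404, 'The requested post does not exist.');
        }
        $this->render('show', array('post' => $row));
    }
}
```

The same protection applies when you use Active Record: `Post::model()->findByPk($id)` and `CDbCriteria` with `params` bind values for you, whereas `findBySql()` with a concatenated string does not. The integer cast before binding is what defeats the magic-URL variants (arrays, quotes, or boolean expressions smuggled in through `id`), so keep both the validation and the parameter binding rather than relying on either alone.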
Sometimes the active form we want to use to add or edit a record in our database is so small that an AJAX-loaded dialog or slide-in form is a better fit than reloading the whole page just to display one or two fields.
We all know how well 'gii' automates code for us, and at the start of our Yii learning curve we are usually happy with what the tool offers. But as soon as you start working on larger and larger projects, you realize that its generated code is too repetitive to maintain: a small pitfall in one of the common actions means going through every generated controller again to fix it.