There is a small gotcha in rails attr_accessible method in ruby.

• If there are no attr_accessible attributes on a model it’s open, any attribute can be written with .update_attributes() or a similar mass-assignment function.
• If there is even one attr_accessible the model is closed except for those attributes defined to be attr_accessible.

So there is an implicit toggle involved in attr_accessible as well as the actual desired functionality of allowing an attribute to be mass-assigned