Tags: ruby-on-rails, security, mass-assignment

Is it safe to set password field as attr_accessible?

    attr_accessible :email, :password, :password_confirmation

If not, can you please give an example of a method which prevents the 'undefined' error when attr_accessible is removed?


Solution

  • It is safe. attr_accessible is only dangerous for attributes that control your application logic. For example, if you have a flag that says "yes, I've checked this user is an admin", and it can be set by the user instead because it's attr_accessible, then it's a vulnerability.

    Since the password is a piece of information that is provided by the user anyway, making it settable by the same user does not change anything.
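An added example, not code from the question or the answer above: a tiny Rails-free imitation of the attr_accessible whitelist that puts the answer's two cases side by side (an admin flag in the whitelist versus the password in it). The Model class, the two user classes and the params hash are constructed for this example.

```ruby
# Minimal stand-in for ActiveRecord's attr_accessible whitelist (no Rails
# dependency): only whitelisted keys survive mass assignment. Constructed names.
class Model
  def self.attr_accessible(*names)
    @accessible = names.map(&:to_s)
  end
  def self.accessible
    @accessible || []
  end

  def initialize(attrs = {})
    # Column defaults, as a users table might define them.
    @attributes = { "email" => nil, "password" => nil, "admin" => false }
    assign_attributes(attrs)
  end

  # Mass assignment: keys outside the whitelist are dropped without error,
  # which is what Rails 3's default sanitizer did (it only logged them).
  def assign_attributes(attrs)
    attrs.each do |k, v|
      @attributes[k.to_s] = v if self.class.accessible.include?(k.to_s)
    end
    self
  end

  def [](name)
    @attributes[name.to_s]
  end
end

# Vulnerable: the admin flag is whitelisted, so a tampered form sets it.
class VulnerableUser < Model
  attr_accessible :email, :password, :admin
end

# Safe: password is whitelisted (the user supplies it anyway); admin is not.
class SafeUser < Model
  attr_accessible :email, :password, :password_confirmation
end

# Constructed params hash, like params[:user] with an extra "admin" key added.
TAMPERED_PARAMS = {
  "email" => "a@example.com", "password" => "s3cret", "admin" => true
}.freeze

# Build a record from the tampered params with the given model class.
def build(klass)
  klass.new(TAMPERED_PARAMS)
end
```

With SafeUser the password still lands on the record while the admin key is discarded; with VulnerableUser the same request flips admin to true.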