attr_accessible & site administrator issue

I'm working on an app which has a :featured_at in Users and Groups
tables. The attribute enables a site admin to set records to a
:featured_at datetime. There's named spaced admin controllers for the
Users and Groups. The problem is, to set the :featured_at in the admin
controllers for users and groups, the attribute had to be exposed under
attr_accessible in User.rb and Group.rb. This means we're open to mass
assignment hacks on this attribute. Is there a more elegant route to
avoiding hacks than setting the params[:user][:featured_at] = nil (same
for groups) in the public facing controllers for :create and :update
actions?