While I'm trying to update the AID field in database with this function:

static function aidInsert()
{
    $model = Users::model()->findAll();
    foreach($model as $m)
    {
        $code = alphabeticCode();
        $aidk = Users::model()->findByAttributes(array('aid'=>$code));
        if(!empty($aidk))
        {
            $code = alphabeticCode();
        }
        $m->aid = $code;
        $m->save();
    }
}

(alphabeticCode Method is just a method used to generate random strings.)

the whole user's password stored in password field is completely changed into some piece of md5 hash, right after this function completed.

Did I do anything wrong?

Using save() saves every attribute by default - but you can specify which attributes to save:

$m->save(true, array('aid'));
// true to use validation, the array to specify which attributes to save