
console access

rehan_uet
Level 1

Can I restrict console access? One of the possible ways is that it should be password protected, but I don't think it is a reliable way to protect the access through console, as anyone can access the router in the ROM monitor mode and break the password. Is there any way to stop the access through ROM monitor mode?

6 Replies

zhang-hao
Level 1

Hi, maybe you should consider using AAA to limit the access to the router from the console.

But AAA will work only if we run the router in the normal mode, and what is the security if someone can attempt to break the password in the ROM monitor mode?

Unfortunately, there is no security from someone cycling the router and breaking in in rommon. You have a few options:

1. Physically secure it under lock & key with restricted access to the room.

2. There is an undocumented command, no service password-recovery; this will prevent someone from gaining access via a pw recovery. The downside is it also restricts you.

The 2nd option solves the problem very well, but when I apply this command nobody can access the ROM monitor mode of the router, even I. What will happen if someone accidentally changes the password and forgets it? As far as I think, the router will become useless, or is there any way to recover it, I mean by replacing the hardware or any other trick?

"no service password-recovery" doesn't turn the router into a brick if you forget the password. What it does is prevent access to the router's startup-config. If you forget the password, you are required to wipe the configuration and start over. This is good if the router is in an untrusted location, because it prevents unauthorized users from "peeking" at your configuration even via the password-recovery procedure and possibly learning things like your private passwords, SNMP communities, AAA secrets, etc.

If someone forgets the console or vty line access password, how can he wipe the configuration, as he will not get access to the router? If there is some way, kindly let me know.
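
A defender-side check for the two controls discussed in this thread (a login check on the console line, via AAA or a line password, and "no service password-recovery"), as an added example that is not part of any poster's reply. The function names and the sample config are constructed for illustration, and the script assumes the usual IOS running-config layout in which line sub-commands are indented by one space.

```python
import re

# Constructed sample running-config fragment (not taken from the thread).
SAMPLE_CONFIG = """\
hostname branch-rtr
aaa new-model
aaa authentication login CONSOLE group tacacs+ local
!
line con 0
 exec-timeout 5 0
 login authentication CONSOLE
line vty 0 4
 login authentication CONSOLE
"""

def console_block(config):
    """Return the indented sub-commands under 'line con 0', or None if absent."""
    block = None
    for raw in config.splitlines():
        if raw.strip() == "line con 0":
            block = []
        elif block is not None and raw.startswith(" "):
            block.append(raw.strip())
        elif block is not None:
            break  # next top-level command ends the console block
    return block

def audit_console(config):
    """List findings for the two console controls discussed in the thread."""
    top = [l.strip() for l in config.splitlines() if l and not l.startswith(" ")]
    findings = []
    if "no service password-recovery" not in top:
        findings.append("password recovery enabled: startup-config is readable via ROMMON")
    con = console_block(config)
    if con is None:
        return findings + ["no 'line con 0' block found"]
    if "aaa new-model" in top:
        # Method lists defined globally; the console uses 'default' unless one is named.
        lists = {m.group(1) for l in top
                 if (m := re.match(r"aaa authentication login (\S+) ", l))}
        used = next((l.split()[-1] for l in con
                     if l.startswith("login authentication ")), "default")
        if used not in lists:
            findings.append(f"console uses AAA login list '{used}', which is not defined")
    elif "login local" not in con and not (
            "login" in con and any(l.startswith("password ") for l in con)):
        findings.append("console has no login check ('login' + 'password' or 'login local')")
    return findings
```

Running it over saved configs shows which devices still allow the password-recovery procedure to expose the startup-config, which matters most for routers in locations that cannot be physically locked.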
