Never mind the cost. They are proposing that you run your app, with its 3rd-party jQuery/Facebook/Twitter/Google code loaded dynamically over non-SSL connections on a platform with filesystem-write-access to your server.
It is much less safe. PhantomJS has a filesystem API, which is fine when you consider that its primary use case is testing code you wrote and reporting the results. However, given that it is fairly easy to create a bridge between the PhantomJS and WebKit JavaScript runtimes, or to exploit common patterns for making such a bridge, running arbitrary 3rd-party code, loaded over a connection not verified by an SSL cert chain, is asking for trouble. This is an obvious backdoor to get write access to Meteor servers.
I think people's confusion lies in the fact that there are actually two separate areas where JavaScript is run in Phantom: one is the JavaScript that controls Phantom and has a filesystem API; the other is the JavaScript that gets run inside the browser sandbox as part of the web page, just like any other JavaScript run in any other browser. It is possible to set up a bridge between the two such that the latter can issue commands to the former, just as you can curl sites and pipe them into bash. The point is that with default settings you can use PhantomJS to load a website without any danger whatsoever.
If you disagree, please write a more worthwhile comment showing me which part of the API is dangerous.