The point is that only HTTP.get() inside the browser requires CORS to be enabled on the server side. In a non-browser environment, HTTP.get() can open any cross-site web request.
Well, the point is that any other API will face the same restrictions in the browser. It isn't something JavaScript code can fix directly. If you need to call external services from the browser (and not everybody does), the isobuild APIs certainly don't make the situation worse.
Also, HTTP.get() may be smart enough to detect a cross-domain call failure and try to automatically proxy the call. Meteor has a server-side component that can act as a proxy.