When Meteor was released it was floating on the front page of HN for a while and attracted a lot of attention. One of the biggest criticisms people had was the total lack of authentication, which the developers said would be released eventually.
The issue with Meteor was that all clients have full write access to the server-side database, including other users' data. Which is problematic, to say the least.
This actually isn't true. One can easily remove the "autopublish" package to disable the behavior of publishing all data to the client, and selectively publish only certain records to the client. Then, all client-side database modification methods can be disabled, and using server-side functions, an authentication system can be built and you can build your application's logic.
As a consequence of its design, HTTP Basic auth wouldn't have worked as expected with meteor. All it could've done is prevented access to the whole website, users would still be able to see each other's stuff.
Eventually starts now, I guess.