Meteor.absoluteUrl has a secure option which creates a HTTPS URL, so I guess Meteor only allows either the http or https protocol. So would it be any difference to not include the protocol, and just use //example.com/ as the ROOT_URL environment variable? Or it makes a difference?
Should I include the protocol for Meteor's $ROOT_URL environment variable?
The implementation of Meteor.absoluteUrl can be found here. As you can see, it modifies ROOT_URL (options.rootUrl) with https if secure is true and ROOT_URL uses the http protocol.
If you are hosting your site using https anyway, I'd recommend including it in the ROOT_URL, e.g. https://app.example.org. That's what we do and it works fine. It certainly seems easier to change an environment variable rather than modifying your code.
Note that if you don't want to specify the protocol you should set your ROOT_URL like app.example.org and not //app.example.org - again see the implentation.