As I understand it, you might not want to send the whole log activity across the network (imagine a mobile device, say) but you still want to get the security against tampering that this provides. So instead you just send a cryptographic hash of the whole journal once a day - or even print it out to a dot matrix printer as someone else suggested. You can then use that hash to check the whole journal hasn't been tampered with since the hash was generated.
Second, of course this does not provide security against someone nuking the whole log. But if you see the whole of /var/log is gone, that's already a pretty strong indication that something is wrong with your machine. The attack guarded against is someone breaking in and sneakily modifying past log entries to hide their traces.
Third, yes it would be harder to grep than a plain text file. Luckily, Unix also has the concept of pipes, so I guess it won't be any harder than 'journalcat | grep pattern' where journalcat is the tool that spools out the whole journal as text. That should be good enough.
Fourth, if your system is potentially compromised then of course you cannot trust that system to give you an honest answer about what the logs contain. That is equally true with plaintext syslog or any logging system restricted to the local machine. You can, however, take a copy of the whole log entry, put it on a clean machine and analyse it there. The advantage over syslog is that you can use the cryptographic hash (which you were taking a copy of every 24 hours, as above) to check that the journal is uncorrupted. If somebody has tried to mess with the log, they won't be able to do so without you noticing.
"The Journal" has other advantages over syslog, including some measure of checking who is logging what (so you can't start a random process and claim to be apache on port 80 for the purpose of log messages).