It's the most recent entry that confirms the ones before it. Taping something to the monitor won't help because I can just author a plausible history of what comes next.
Instead this makes every new entry confirm the history (like how Bitcoin works), but in the case of journald there is nothing preventing you from rewriting the history after the most recent snapshot of it and nothing to prove a particular snapshot is the good one except sending it off to a secure location or using an external secure timestamping service.
And of course the attacker can still delete the logs unless you send all of them off to a secure location. ... and if you're doing that you really don't need any of this.
I fully agree with your point on undocumented binary formats. That's about as anti-forensic as you can get. Though it's not all bad, for example Varnish uses binary logs but provides a cat tool that converts them into a normal text stream, so your ability to grep them is not diminished. If handled well they could make the binary part only problematic for archival but not operations.
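The snapshot argument in the comment above, as an added example that is not part of the original comment: a generic SHA-256 hash chain (not journald's actual sealing format) in which a re-authored tail verifies cleanly on its own and is caught only by a digest of the latest head held off-host. The entries, the `GENESIS` value and all function names are constructed for illustration.

```python
import hashlib

GENESIS = b"\x00" * 32  # constructed starting value for the chain

def chain(entries, prev=GENESIS):
    """Return [(entry, digest)]; each digest covers the entry and the previous digest."""
    out = []
    for e in entries:
        prev = hashlib.sha256(prev + e.encode()).digest()
        out.append((e, prev))
    return out

def verify(log, anchors=None):
    """Check internal consistency, then compare against externally held anchors.

    anchors maps entry index -> digest stored where the log host cannot write.
    Returns (ok, reason).
    """
    prev = GENESIS
    for i, (entry, digest) in enumerate(log):
        prev = hashlib.sha256(prev + entry.encode()).digest()
        if prev != digest:
            return False, f"chain broken at entry {i}"
    for i, expected in (anchors or {}).items():
        if i >= len(log):
            return False, f"log truncated before anchored entry {i}"
        if log[i][1] != expected:
            return False, f"entry {i} does not match external anchor"
    return True, "ok"

def demo():
    # Constructed sample entries
    original = chain(["boot", "sshd: login root from 203.0.113.7",
                      "cron: job ran", "sshd: logout root"])
    # Re-authored history: everything after entry 0 replaced and re-chained
    rewritten = original[:1] + chain(["cron: job ran", "cron: job ran"],
                                     prev=original[0][1])
    # Edit one entry in place without recomputing the digests
    edited = [original[0], ("edited", original[1][1])] + original[2:]
    return {
        "no_anchor": verify(rewritten),
        "old_anchor": verify(rewritten, {0: original[0][1]}),  # stale snapshot
        "new_anchor": verify(rewritten, {3: original[3][1]}),  # latest head, off-host
        "in_place_edit": verify(edited),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Only the anchor taken at the latest head detects the rewrite, which is why the anchor has to be shipped off-host as often as the log grows.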