You can, but it's not recommended. If someone were to break into your system, even though they couldn't modify your logs, they could rotate them enough times (by executing the log rotation utility manually) that the log containing the information gathered during the intrusion is dropped off the face of the earth. This is part of the price you pay for high security.
An alternative solution to giving your log rotation utility write access to /var/log, is to give the cron daemon write access to /var/log and make it inheritable:
lidsconf -A -s /usr/sbin/crond -i -o /var/log -j WRITE |
UPDATE: Because of the new time restriction feature, it is recommended that if crond has write access to /var/log, it should be limited to a specific time period. For example, if logrotated is executed every day at 6:00 AM by crond, limit crond's write access to a 1 minute window:
/sbin/lidsconf -A -s /usr/sbin/crond -i 2 -o /var/log -t 0600-0601 -j WRITE |