logrotate security
Solution 1:
As long as the user can write and create files in the directory with your log files, you can use another user. However, if your logrotate config is editable only by root, then I don't see much risk there. If someone can subvert that they can gain root and can cause far more harm than just messing up with log files, so the concerns, while certainly exist, do not really justify customizing a standard app such as logrotate.
Solution 2:
If the logrotate config is writable only by root, you shouldn't have any problems with people changing it to overwrite random files. If you wanted to run it as another user, you'd have to ensure that user had access to change all the log files you want rotated, which will add complexity with very little return.