1. despite the chicken-little style warnings, i've never seen an attack using eval on a supposed data source. people use google CDN scripts all the time, even from https. The fact that most people use JSON.parse likely means an attack requiring eval has a limited vector and a huge failure footprint.
2. the charts on performance seem to indicate that it's roughly 2-3X faster to use parse instead of eval. But, since it's typically a one-time operation, 1mb data /sec is not really noticeably faster than 400kb /sec.
aside from that, you are advocating a user-land JSON.parse() and if you compare that to eval(), eval() beats the pants off of a json2.js-style add-on.
i'm not saying don't use parse, i'm just saying that the reasons for not using eval() are not terribly compelling.
Still, it's better to use Function("return "+strJSON)() instead of eval as its faster and safer.
you can do something like this for a more secure "poor man's parser" where JSON is not built-in (ala IE7, ASP, JSC.exe, etc):
var window, self, document, top, alert, eval, require, module, Response;
return Function("return "+strJSON)();