We address secure network coding over networks with unequal link capacities in the presence of a wiretapper who has only access to a restricted number of k links in the network. Previous results show that for the case of equal link capacities and unrestricted wiretapping sets, the secrecy capacity is given by the cut-set bound, whether or not the location of the wiretapped links is known. The cut-set bound can be achieved by injecting k random keys at the source which are decoded at the sink along with the message. In contrast, for the case where the wiretapping set is restricted, or where link capacities are not equal, we show that the cut-set bound is not achievable in general. Finally, it is shown that determining the secrecy capacity is a NP-hard problem.