In this paper, we put forward the problem of secure network function computation under the function-security constraint. In this model, a target function, of which the inputs are generated at multiple source nodes as source messages, is required to be computed with zero error at a sink node over a network, while a wiretapper, who can access any one but not more than one wiretap set in a given collection of wiretap sets, is not allowed to obtain any information about a target function of the source messages. The secure computing rate of a secure function-computing network code is the average number of times the target function can be securely computed for one use of the network. However, characterizing this secure capacity with this general setup is overwhelmingly difficult. In this paper, we consider this secure model in which the target function and the security function are identical to be a linear function; and the wiretapper can eavesdrop any one edge subset up to a size r, referred to as the security level. We obtain a non-trivial upper bound on the secure computing capacity, which is applicable to arbitrary network topologies and arbitrary security levels. When r=0, the upper bound reduces to the computing capacity without security consideration. By applying the upper bound, we obtain an upper bound on the maximum security level such that the function can be securely computed with a positive rate, and fully characterize the secure computing capacity for a class of secure models. Finally, we prove that our upper bound is always larger than or equal to the upper bound previously obtained by Guang et al. on the secure computing capacity for source-security. This is consistent with the relation between the secure computing capacities for source-security and function-security.