Quantum cryptography provides absolute security against an all-powerful eavesdropper (Eve). However, in practice Eve's resources may be restricted to a limited aperture size so that she cannot collect all paraxial light without alerting the communicating parties (Alice and Bob). In this paper we study a quantum wiretap channel in which the connection from Alice to Eve is lossy, so that some of the transmitted quantum information is inaccessible to both Bob and Eve. For a pureloss channel under such restricted eavesdropping, we show that the key rates achievable with a two-mode squeezed vacuum state, heterodyne detection, and public classical communication assistance - given by the Hashing inequality - can exceed the secret key distillation capacity of the channel against an omnipotent eavesdropper. We report upper bounds on the key rates under the restricted eavesdropping model based on the relative entropy of entanglement, which closely match the achievable rates. For the pure-loss channel under restricted eavesdropping, we compare the secret-key rates of continuous-variable (CV) quantum key distribution (QKD) based on Gaussian-modulated coherent states and heterodyne detection with the discrete variable (DV) decoystate BB84 QKD protocol based on polarization qubits encoded in weak coherent laser pulses.