We study the physical-layer security of a cognitive radio system in the face of multiple eavesdroppers (EDs), which is composed of a secondary base station (SBS), multiple secondary users (SUs) as well as a pair of primary transmitter (PT) and primary receiver (PR), where the SUs first harvest energy from their received radio frequency signals transmitted by the PT and then communicate with the SBS relying on opportunistic scheduling. We consider two specific user scheduling schemes, namely, the channel-aware user scheduling (CaUS) and the energy-aware user scheduling (EaUS). In the CaUS scheme, an SU having the best instantaneous SU-SBS link (spanning from SUs to SBS) will be activated to communicate with the SBS. By contrast, the EaUS scheme takes into account both the amount of energy harvested from the PT and the instantaneous quality of the SU-SBS link. We analyze the security-reliability tradeoff (SRT) of both the CaUS and EaUS schemes in terms of their intercept versus outage probability. We also provide the SRT analysis of traditional round-robin user scheduling (RrUS) used as a benchmarker of the CaUS and EaUS schemes. We demonstrate that the EaUS scheme achieves the best outage and secrecy performance in the high main-to-eavesdropper ratio (MER) region, but a worse secrecy performance than the CaUS method in the low-MER region. Moreover, from a security versus reliability perspective, the CaUS outperforms both the EaUS and the RrUS in the low-MER region. Surprisingly, this also implies that although the user scheduling criterion of EaUS exploits the knowledge of both the amount of harvested power and instantaneous channel state information (CSI), it exhibits a degraded physical-layer security in the low-MER region due to the fact that the increased harvested energy is beneficial not only for the legitimate SBS receiver but also for the EDs.