This paper considers improving the confidentiality of visible light communication (VLC) links within the framework of physical-layer security. We study a VLC scenario with one transmitter, one legitimate receiver, and one eavesdropper. The transmitter has multiple light sources, while the legitimate and unauthorized receivers have a single photodetector, each. We characterize secrecy rates achievable via transmit beamforming over the multiple-input, single-output (MISO) VLC wiretap channel. For VLC systems, intensity modulation (IM) via light-emitting diodes (LEDs) is the most practical transmission scheme. Because of the limited dynamic range of typical LEDs, the modulating signal must satisfy certain amplitude constraints. Hence, we begin with deriving lower and upper bounds on the secrecy capacity of the scalar Gaussian wiretap channel subject to amplitude constraints. Then, we utilize beamforming to obtain a closed-form secrecy rate expression for the MISO wiretap channel. Finally, we propose a robust beamforming scheme to consider the scenario wherein information about the eavesdropper's channel is imperfect due to location uncertainty. A typical application of the proposed scheme is to secure the communication link when the eavesdropper is expected to exist within a specified area. The performance is measured in terms of the worst-case secrecy rate guaranteed under all admissible realizations of the eavesdropper's channel.