Device-to-device (D2D) communication is a promising solution to meet rapidly growing demands for data services via spectrum reuse. This paper studies the physical layer security in a D2D underlay cellular network from a network-wide perspective, where the locations of D2D and cellular users are modeled as Poisson cluster processes (PCPs) to characterize the clustering feature of D2D users, the locations of eavesdroppers (Eves) and base stations (BSs) are modeled as a PCP and Poisson point process (PPP), respectively. We establish an analytical framework to assess the coverage and security performance of the network. Two scenarios are considered, i.e., one D2D pair scenario and multiple D2D pairs scenario, where in each cell there is one or multiple D2D users (DUs) sharing the frequency spectrum with the cellular users (CUs) in each time slot of the TDMA scheme adopted by BSs. In each considered scenario, we derive exact expressions for the coverage outage probabilities (COPs) and secrecy outage probabilities (SOPs), respectively, for both the CUs and DUs. Furthermore, the exact expression for the network-wide secrecy throughput (ST) is derived. Numerical results are presented to verify our theoretical derivations and reveal some insights into the impact of various parameters on the system performance.