Quality is delighting customers
I am looking for some reviews from your end. In the early stage of my career I was working as an Application Tester, then I switched my career to Application Security Testing. Many companies insist that their QA do Application Security Testing. But from my experience, if your mindset is for Functional Testing you cannot be a Security Tester.
Please let me know your views on the following:
Are companies on the right path in allowing security testing to be done by a functional QA?
I don't know what you mean by "functional QA" in your question. Do you have a functional QA team that is distinct from other kinds of QA teams?
A product specification can certainly include a security requirements section, and if the requirements are phrased in the right way, they can be tested. For example, you can verify that passwords are not stored in cleartext, or that a password needs to be at least six characters long with at least one digit and one special character. However, how do you test whether someone can break into your product and do something malicious?
There are security tools for scanning source code and/or web interfaces, but they tend to produce a lot of false positives, and they often require an expert -- ideally, a software developer with a security-oriented skill set -- to interpret. There are also security certification companies that specialize in using these tools to look for security bugs. As with QA teams, I believe some of these companies are good at their jobs and some are just "checking the boxes".
I think there is nothing wrong with having a QA team do security testing, but they need a very specialized skill set, the right tools, and a working relationship with the software developers.
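As an added illustration of the point made in this answer that well-phrased security requirements are testable (example code added here, not the poster's), the two requirements named above are turned into checks a QA engineer could run: a password-policy predicate, and an audit that a password-storage routine leaves no cleartext in the stored record. Everything below is constructed for the demonstration: the requirement says "special character" without defining it, so the example pins that to ASCII punctuation as an assumption; `store_password` is a hypothetical PBKDF2-based storage routine, and `store_cleartext` and `store_unsalted_md5` are deliberately weak alternatives to show the audit catching them. The salting check goes beyond the stated requirement, as a caveat: "not stored in cleartext" alone is satisfied by an unsalted hash, which is why the phrasing of the requirement matters.

```python
import hashlib
import hmac
import os
import re

# Assumption for testability: the requirement does not define "special
# character", so this example uses ASCII punctuation.
SPECIAL_CHARS = set(r"""!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~""")


def password_meets_policy(pw: str) -> bool:
    """Requirement as stated: >= 6 chars, >= 1 digit, >= 1 special char."""
    return (
        len(pw) >= 6
        and re.search(r"\d", pw) is not None
        and any(c in SPECIAL_CHARS for c in pw)
    )


# Hypothetical storage routine under test: salted PBKDF2-HMAC-SHA256.
def store_password(pw: str, iterations: int = 100_000) -> dict:
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify_password(pw: str, record: dict) -> bool:
    digest = hashlib.pbkdf2_hmac(
        "sha256", pw.encode(), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


# Deliberately weak storage routines (constructed) that the audit should flag.
def store_cleartext(pw: str) -> dict:
    return {"password": pw}


def store_unsalted_md5(pw: str) -> dict:
    return {"hash": hashlib.md5(pw.encode()).hexdigest()}


def audit_storage(store_fn, pw: str) -> dict:
    """Turn 'passwords are not stored in cleartext' into two observable checks.

    cleartext_free: the serialized record contains neither the password nor
                    its hex encoding.
    salted:         storing the same password twice yields different records,
                    i.e. the transform is not a deterministic unsalted hash
                    (a stricter check than the requirement as phrased).
    """
    first, second = store_fn(pw), store_fn(pw)
    serialized = repr(first)
    cleartext_free = pw not in serialized and pw.encode().hex() not in serialized
    salted = first != second
    return {"cleartext_free": cleartext_free, "salted": salted}


if __name__ == "__main__":
    for candidate in ["abc1!x", "abcdef", "ab1!"]:
        print(f"{candidate!r:10} meets policy: {password_meets_policy(candidate)}")
    for name, fn in [("pbkdf2", store_password),
                     ("cleartext", store_cleartext),
                     ("unsalted md5", store_unsalted_md5)]:
        print(f"{name:13} {audit_storage(fn, 's3cret!')}")
```

Run stand-alone, the policy predicate accepts `abc1!x` and rejects the two non-conforming strings, the PBKDF2 routine passes both audit checks, the cleartext routine fails `cleartext_free`, and the unsalted MD5 routine passes `cleartext_free` but fails `salted`, which is exactly the gap a loosely phrased requirement leaves open.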