Paypal sent an email addressing me with one of my old passwords as my name
It seems like the spammer got your personal information including your password through a security breach somewhere. Why did they use your password instead of your name? I would say it was an honest mistake on their side. They just mixed up the fields when designing the spam mail.
When you are still using the password somewhere, you should change it ASAP. In the future you should avoid using the same password for different services. Data breaches become more and more frequent, and they even hit larger companies which really should know how to secure their systems. Using a password manager like KeePass can help you to manage all the different passwords.
As the answer by phillipp stated, there is a good chance they got your password from some form of security breach. I doubt that they would have obtained that through Paypal's system. It could have happened in one of the following ways, to name a few (with tips on how to protect yourself from each one).
At some point you could have accessed a fake PayPal website, via an external source. Perhaps you clicked a link in an email and didn't check the URL and put your Username/Password (old one) into a fake site which recorded your information. Then perhaps they were trying to obtain updated information from you, and made a mistake on their spammer with your password as your username. This might be explained by you possibly putting your "password" into the username field when you went to this fake site, by mistake. That is one possibility. To protect against this ALWAYS check for https://www.paypal.com as the login URL at the top. Anything else would be fake. Also you can always type it in directly instead of following any In-email links to be safe. As per the comment, the Heart bleed issue could also be the explanation. However, as a side note.. from what I read, PayPal was not affected by this bug. I checked and verified this from several sources.
You could have a trojan or keylogger on your computer (or had one in there at the time of entering). Again you could have accidentally entered your password as your username so the keylogger could have detected it wrong, or just could have gotten them mixed up when they submitted it to an external source. Just make sure you have strong virus scanning software to protect against this.
Internet explorer is another possible culprit. I have read a lot lately where they were telling everyone not to use IE anymore, as it had a huge security vulnerability. If you used IE for this in the past, that could have been another possible cause.
These are three possible situations.
Someone in the comments requested for me to provide resources in regards to the IE security vunerability. A google search for the term "IE Security Vunerability" will return some results.
Also the following link has some details pertaining to the specific security issue that I am speaking about in this answer.
http://www.cnet.com/news/stop-using-ie-until-bug-is-fixed-says-us/
http://www.reuters.com/article/2014/04/28/us-cybersecurity-microsoft-browser-idUSBREA3Q0PB20140428
http://www.geekwire.com/2014/u-s-government-advises-everyone-stop-using-internet-explorer-security-hole-surfaces/
Other sources can also be found by performing similar searches on Google, and other major search engines.